Codes

In this page you’ll find links to some of the codes we release. Some are written just by us and some are written with our students.

Hope you will find them useful.

 

The Journey Begins – HDE 41

Posted by on Jun 8, 2013 in Main Menu | 0 comments

The Journey Begins – HDE 41

HDE 41 class has started. We wish our students good luck at their new journey. Image by Matan Golan Photography & Graphics. To see more [Facebook Page] and her [Web Page].

read more

How to Conduct a Safe PenTest

Posted by on May 14, 2013 in How To, Main Menu, Position Articles | 0 comments

How to Conduct a Safe PenTest

Introduction This article is intended to the PenTest Vendor as well as the PenTest receiver. The idea is to provide the reader with tips to follow in order to make sure that while you are conducting the pentest you do not harm the systems or their availability. These tips refer mostly to infrastructure or Web Application testing and not to protocol, application or other types of security tests.   Things to Remember   Lower Performance PenTest Provider – Do not conduct any tests which might cause degraded performances without...

read more

Sudopot – The Sudo Honeypot – Barak Tawily

Posted by on Apr 16, 2013 in Code | 0 comments

After I took control of a Linux machine, we want to do a privilege escalation, and get a root. So i started thinking how i gonna do it and i found a way to get the root password by faking the sudo command. If i would fake the sudo command, and abuse it when the user would want to execute some application as sudo, it will ask him for a root password,then the root password will send to the attacker, instead to actually execute it. Its half a social engineering attack because the user actually gives us his password but he doesnt know about it....

read more

Hack & Beer 0×03

Posted by on Apr 14, 2013 in Events | 0 comments

Hack & Beer 0×03

Hack & Beer 0×03 is coming up! This time we’ll tackle reverse engineering and debugging around in Win x86 and 64. This time, you can practice while hearing us talk about it right there with your laptop! Learn new and cool tricks of viewing what’s behind that binary file, finding a key for that program or just bypass into some other closed section of the program. This time the event will be held at the awesome ‘Barbarosa’ bar at Haifa. Get your Gunners on and get ready for some action. The guy on the stage will...

read more

Preparations for OpIsrael

Posted by on Apr 5, 2013 in Code, Main Menu | 0 comments

Preparations for OpIsrael

Many articles and reports have been written regarding the immanent threat of AnonGhost on Israel. The attack, which have already started, should peak at the 7th of April 2013. We have decided to take a more pragmatic approach and prepare our servers. Obviously, we are running Linux and using IPTables as our protection. So, here you have it, our little script to help you avoid and block at least some attempts of DDoS and a bit more. Please note, this will REMOVE your old rules and logs! Go over the script carefully and adjust it to your...

read more

mimikatz – Clear Text Passwords

Posted by on Apr 2, 2013 in Code | 0 comments

mimikatz – Clear Text Passwords

WDigest is a DLL first added in Windows XP that is used to authenticate users against HTTP Digest authentication and Simple Authentication Security Layer (SASL) exchanges. Both of these require the user’s plain-text password in order to derive the key to authenticate—thus why it is stored in plain-text. Mimikatz is a slick tool that pulls plain-text passwords out of WDigest (explained below) interfaced through LSASS. I’ve seen many blog posts about this tool and will refer you to them to read more technical details about the way this...

read more

NanoZip Installer

Posted by on Mar 24, 2013 in Code | 0 comments

NanoZip is an experimental file archiver. It consists of several original compressors, put into a single file archiver program aiming for high compression efficiency. Now, since NanoZip is experimental it is not in the repo and is still closed source. Yet, it is a very very poweful compression tool. You can get it using: wget http://hackingdefined.org/tools/GetNanoZip.sh sudo ./GetNanoZip.sh Code: #!/bin/bash if [[ $EUID -ne 0 ]]; then echo "This script must be run as root" 1>&2 exit 1 fi bold=`tput bold` normal=`tput sgr0`...

read more

Methodology of Analysis

Posted by on Mar 12, 2013 in Position Articles | 0 comments

Methodology of Analysis

Background This article will barely discuss technical issues if at all. After some experience with people and organization from Israel and outside of Israel i have noticed an issue with the approach of experienced, smart and capable staff to the methodology and logic of conducting a research / test. In the next page or so i will try to cover the top points for me while reading/conducting a research in the security field and in general. Please notice that by the word ‘research’ i am not referring to reverse engineering or malware...

read more

Wacky Coding Marathon – 1st April

Posted by on Mar 10, 2013 in Events | 0 comments

Wacky Coding Marathon – 1st April

When? At the 1st of April 2013. We’ll start at 09:00 and finish at 16:00 Where? IITC Building. Ha’Hilazon 3, Ramat Gan, Israel What? Well, we are going to code, reverse and research cool stuff. A few project involving Python, Ruby, ASM86, C and PHP (HTML IS NOT A LANGUAGE! That’s why it’s HyperText Markup Language!). Get your Gunners on and your Immunity debugger up and running. Oooh, and if you have worked with Moodle, that would be nice too. This is a link to the event on Facebook so if you’re planning on...

read more

Congradulation HDE 37!

Posted by on Jan 24, 2013 in Main Menu | 0 comments

Congradulation HDE 37!

Hacking Defined Experts class 37 finished the course! Here are the graduates:

read more