[ Hacking 101 ] :: VPNs

This entry is part 11 of 11 in the series [ Hacking 101 ]

A VPN gives you some degree of confidentiality (encryption) and privacy (anonymity), and works great in a business situation where you can have end-to-end encryption. But consumer VPNs aren’t the same, because encryption isn’t end-to-end, and providers are a privacy issue. Here’s a look at different connection types from the perspective of a hacker: web …

[ Hacker Night School ] :: Python for Malware Analysis

This entry is part 26 of 26 in the series [ Hacker Night School ]

Python and bash are my two ultimate favorite languages. Both of them let you stick your hands right into the guts of the system, and both let you do really complex things simply and fast. I’ve got an Introduction to Python course over on my http://gnorman.org (white hat) website, which I built exclusively for a …

[ Pen Testing ] :: Step by Step :: Exploiting SETUID

This entry is part 1 of 1 in the series [ Penetration Testing ]

Setting the user ID on an executable means it runs under that user’s permissions, not the perms of the user that runs the executable. It’s highly useful in system admin, but it’s wildly dangerous too, because every SETUID file is a vector for hacking. John Hammond (on YouTube) give an excellent example in the context …

[ Hacker Night School ] :: Kali Linux Metapackages (All Tools or Subsets)

This entry is part 20 of 26 in the series [ Hacker Night School ]

There are actually four subsets of tools you can install with Kali, depending on your needs, disk resources and download speeds. These packages have names like kali-linux-full and kali-linux-all (those sound the same, don’t they?). Fortunately the good people at Offensive Security have a guide to the various metapackages. For instance: kali-linux is the barebones, …