• Content count

  • Joined

  • Last visited

Community Reputation

0 Neutral

About vivek.ramachandran

  • Rank
    The phorce is with me!
  1. Hello All, Metasploit is probably one of the most useful tools to a hacker. Contains tons of well tested exploits which can be used with multiple payloads to break into systems. In this video series, I have tried to cover all the essential things one needs to know about Metasploit. I start from the very basics and slowly more towards covering intermediate and advanced functionality. I have already created over 300 mins of video. Note that this series is still in progress and you can keep checking for the latest videos on SecurityTube Below are the video links and a short description: 1. Metasploit Megaprimer (Exploitation Basics and need for Metasploit) Part 1 2. Metasploit Megaprimer (Getting Started with Metasploit) Part 2 3. Metasploit Megaprimer Part 3 (Meterpreter Basics and using Stdapi) 4. Metasploit Megaprimer Part 4 (Meterpreter Extensions Stdapi and Priv) 5. Metasploit Megaprimer Part 5 (Understanding Windows Tokens and Meterpreter Incognito) 6. Metasploit Megaprimer Part 6 (Espia and Sniffer Extensions with Meterpreter Scripts) 7. Metasploit Megaprimer Part 7 (Metasploit Database Integration and Automating Exploitation) 8. Metasploit Megaprimer Part 8 (Post Exploitation Kung Fu) 9. Metasploit Megaprimer Part 9 (Post Exploitation Privilege Escalation) 10. Metasploit Megaprimer Part 10 (Post Exploitation Log Deletion and AV Killing) 11. Metasploit Megaprimer (Post Exploitation and Stealing Data) Part 11 12. Metasploit Megaprimer Part 12 (Post Exploitation Backdoors and Rootkits) 13. Metasploit Megaprimer Part 13 (Post Exploitation Pivoting and Port Forwarding) 14. Metasploit Megaprimer Part 14 (Backdooring Executables) 15. Metasploit Megaprimer Part 15 (Auxiliary Modules) 16. Metasploit Megaprimer Part 16 (Pass the Hash Attack) Please do let me know your feedback!
  2. Dear All, We are excited to launch a brand new section - SecurityTube Tools! ST Tools is a collaboratively edited community wiki which aims to list all the security and hacking tools out there. We have already listed over 280+ popular tools and need your help in building this index further and making it useful to everyone. Why did we start ST Tools? Though there are a couple of sites which maintain lists of tools, we feel the amount of information available there is limited. In most cases, it is just a 1-2 line description. ST Tools changes all this and aims to provide more useful information to the reader. For every tool listed on our site, the following information is given: 1. Description of the Tool: Short summary of the tool's functionality 2. Details: * Website : * Discussion Forum : * Mailing List : * Platforms : * License : * Author : * Contact Email : 3. Sample Usage : Screenshot or Text dump of the tool's usage or help pages 4. Tutorials and Demos : Links to Text and Video tutorials 5. Supporting Links : Links to documentation 6. Books : Links to books if applicable We have already populated most of this information for over 280+ tools. A sample tool's page would look like this: Nmap Tool Page How can you help us? You can help us by adding your tool if you are an author, or by adding other's tools if you use and like them. If you would like to add a tool, please read the Submission Process page first. Also, a lot of details for existing tools might be missing. We would request you to help us correct them. SecurityTube is a growing community and we need your help! Most of us work on the site part time and any help will be highly appreciated. if you would like to get involved and work with us, please do drop us a line!
  3. Yes, all the videos will be made available on SecurityTube free of charge after the conference. We are also planning for a conference CD which will contain the same and will be made available via torrents.
  4. We will probably be using webex, gotomeeting, livestream or something similar i.e. a hosted service by a 3rd party provider. Participants will use IRC/chat to ask questions. It would be practically not feasible for a speaker to "host" the show from a bandwidth perspective, just as you mentioned.
  5. Thanks guys! I am hoping there will be good attendance! This is the first time a full con will be conducted totally online and as the organizer I am both pretty excited and nervous about how things will turn out to be
  6. Awesome! Not sure why nobody else replied
  7. Dear All, is pleased to announce the CFP for SecurityTubeCon, the first hacker conference, to be held completely online! SecurityTubeCon is aimed at democratizing hacker conferences by allowing any researcher, regardless of his physical location, to share his work with the community. Unlike other Cons we will not *accept / reject* speakers. If you have something interesting to share, you WILL be heard. The idea behind SecurityTubeCon is not to pass judgments on your work, instead, it aims at providing a platform for knowledge exchange. Once speakers send in their talk abstracts, we will put it online for the community members to decide which talks they want to attend. On the day of the conference, speakers will broadcast their talks using screencasting software and the interested participants will tune in. The participants will use IRC / chat rooms to ask questions to the speakers during the talks. What else is unique about SecurityTubeCon? a. This conference will be held completely online! b. Location No Barrier - speak / attend SecurityTubeCon from your bedroom c. Language No Barrier - though we would recommend English as the preferred language so you can address a global audience, feel free to speak in the language you are most comfortable with d. $0 is the conference registration fees - absolutely free For the CFP and other details please visit the conference site at Here is a quick summary of the CFP in an FAQ format: ----------------------------------------------------------- 1. When and Where will SecurityTubeCon be held? Venue: Cyberspace Dates: 6th, 7th and 8th November, 2009 2. How will it all work? a. Interested speakers will send us their talk details a. We will post the list of speakers and abstracts online b. Participants will register for talks and will receive webinar invitations c. Speakers will broadcast their talks using screencasting / web conferencing software and invited participants will join in d. The participants will use IRC / Chat rooms to ask questions to the speakers during the talks 3. Are there any requirements to become a speaker? Just two: 1. You should know what you are talking about 2. You will need to submit a video recording of your entire talk before the deadline. This will ensure that participants have something to watch in case there is a last minute technical issue or some other problem. These videos will be made available absolutely free to everyone a week after the conference. 4. Awesome! I want to register as a speaker! How do I apply? To Become a Speaker at SecurityTubeCon, please follow the following steps: a. Send an email to containing the following information: I. Talk Title II. Abstract: Minimum 250 words III. Language in which talk will be delivered in IV. Desired Duration: 15 mins / 30 mins / 60 mins? V. Speaker Names with Email addresses VI. Speaker Bios: As detailed as possible b. Once we receive your email, we will post your talk online and send you a confirmation c. You will need to submit the presentation, tools, other relevant material and a video of the entire talk by October 20th, 2009. We will send you the details on where to upload via email. d. If the material mentioned in © is not received by the deadline, your talk will be removed from the website e. For any additional questions, please contact us at 5. How long can a talk be? 15 mins, 30 mins and 60 mins talk slots are available 6. What are the Deadlines? 1. Deadline to Submit Abstracts: October 10th, 2009 2. Deadline to submit the full presentation and video: October 20th, 2009 3. Conference Dates: 6th, 7th and 8th November 7. What kind of talks will be accepted at SecurityTubeCon? Very broadly, there will be 4 tracks in SecurityTubeCon: a. Research Track: Show your bleeding edge research and zero days here b. Tutorials Track: In-depth Tutorials on security technologies can be given here by domain experts c. Tool Demos: Demonstration of new and cutting edge tools by their original authors d. Security Product Demos: Demos of state of the art security products by companies and organizations Topics can belong to a broad spectrum, here are a couple (neither exhaustive nor limited to): a. Protocol / Application based vulnerability in networks and computers b. Firewall Evasion techniques c. Intrusion detection/prevention d. Data Recovery and Incident Response e. Mobile Security (cellular technologies) f. Virus and Worms g. WLAN and Bluetooth Security h. Analysis of malicious code i. Cryptography and Cryptanalysis j. Computer forensics k. Cyber Crime & law ..... 8. How can I help? a. Please forward this CFP link / email to your friends in the security / hacking community b. Send this CFP to any mailing lists related to security c. Post a link to the conference website on forums, discussion groups you frequent d. Particpate either as a Speaker or as an Attendee 9. I have a question? Need more info? Write to us at ----------------------------------------- Hoping that all of you will attend and participate! Cheers! Vivek Ramachandran
  8. Hello All, I will be posting interesting video on SecurityTube in this thread. It is important to note that these are videos which people have submitted / referred to SecurityTube and have not been made by me. 1. Hacker News Network: HNNCast for the 4th Week of June 2. Endianness Basics: 3. Is it safe to surf porn on an Apple MAC? 4. Building a VNC Backdoor door from scratch More videos to be posted in this thread soon! Enjoy!
  9. This is a valid point! I will add a couple of advanced videos in each of the series very soon to show application of these basic principles to more complicated scenarios. Thanks for the suggestion! Thanks Seal! I am glad you feel so! It takes many man hours to make these videos and it gives me a lot of satisfaction to see people use and benefit from them.
  10. Hello All, Here is the next set of videos: 1. Format String Vulnerabilities Primer (Part 2 Understanding Format Functions) In this video we will try to understand why functions such as Printf are susceptible to Format String attacks. This video is very hands on in nature - we will explore the stack of a vulnerable program using GDB and see how the Printf function interprets the format string to decide on the number of arguments it should pick from the stack. 2. Format String Vulnerabilities Primer (Part 3 Crashing the Program) In this video we will look at how a Format String Vulnerability can be used to crash a program. This could be used by a remote attacker to launch a Denial of Service attack on a server running a vulnerable daemon. 3. Format String Vulnerabilities Primer (Part 4 Viewing the Stack) In this video we will look at how a Format String Vulnerability can be used to view the program stack. Comments and Feedback welcome!
  11. Hello All, After covering Assembly Language and Buffer Overflow basics in detail, I am now moving on to Format String Bugs. This will also be around a 8 part video series, so please bear with me. I will be posting the videos on this thread as I make them. Video 1: The Basics In this first video of the series, we will understand the basics of format strings and format functions and we will look at a simple case where information leakage happens due to a format string vulnerability being present. Thanks!
  12. Most of us install software downloaded from both known and unknown sources. Sometimes, we might have a reason to suspect that the software in question may be doing some malicious activity on our PC - such as modifying a registry key, overwriting an important system DLL etc. In this video we will look at how to reverse engineer a software install process by using InstallWatch.
  13. Hello All, Just wanted to add 2 more videos on Advanced Buffer Overflow techniques: 1. Exploiting Buffer Overflows on systems with linux kernel without ASLR 2. Exploiting Buffer Overflows on systems with ASLR enabled in the kernel using a Brute Force on the Stack These videos have been made by BlackLight from . Enjoy!
  14. Hi G-Brain! Thanks for the detailed review! and sorry for the delay in replying to this post. I did not visit binrev for quite sometime and this post got unnoticed. Coming to the points you made: 1. Assembler specific directives: I agree, i should have mentioned this more clearly. My language might confuse people to believe that _start etc are part of assembly language. 2. Int 0x80 is now obsolete and has been replaced by vsyscall since 2.5.53: Thanks for pointing this out - i was not aware of this change. I think this needs to be clarified in the next video. 3. $ echo $? : Thanks! I think i used this in the buffer overflow series i made, but this is a good way to show the exit code of the last program. I think point (2) is very important and I will make a new video sometime this weekend and mention the change. Also, will add some of the other points you had mentioned. Thanks again G-Brain! You are definitely a linux guru My respect to you! I will be posting a couple of other videos i made here today. Please do let me know your comments! Vivek
  15. Hello All, Just finished creating the next set of videos in the "Assembly Language Primer for Hackers" video series: 4. Writing your First Hello World Program in Assembly 5. Understanding Data types in Assembly Language 6. Moving Data between registers and memory Comments and Feedback welcome! I will be creating the next set of videos over the weekend. -Vivek