Linux X86 Assembly – How To Make Payload Extraction Easier

Overview In the last blog post of the X86 Linux assembly series, we focused on how to make our Hello World payload friendly for use as a payload in exploits.  However, we didn’t cover how to extract the payload itself for use in exploits.  Sure you cou… Continue reading Linux X86 Assembly – How To Make Payload Extraction Easier

LD_PRELOAD: How to Run Code at Load Time

    Today I want to continue the series on using LD_PRELOAD.  In previous posts, we covered how to inject a shared object binary into a process, and use that to hijack a library function call to run our own code.  This is great when we want to overwrit… Continue reading LD_PRELOAD: How to Run Code at Load Time

Solving the November 13th Detective Nevil Mystery Challenge

Overview Each week on Friday, we post a social media challenge known as “Detective Nevil Mystery Challenge”.  On November 13th of 2020, we released a challenge that contained a payload and it was only solved by one person on twitter.  That challenge is… Continue reading Solving the November 13th Detective Nevil Mystery Challenge

Not-So-Random: Using LD_PRELOAD to Hijack the rand() Function

    Today I wanted to continue the series on using LD_PRELOAD.  In today’s post we are going to use LD_PRELOAD to hijack the rand() function in a simple random number guessing game to control the generation of random numbers and effectively be able to … Continue reading Not-So-Random: Using LD_PRELOAD to Hijack the rand() Function

LD_PRELOAD – Introduction

    Today I wanted to start what I plan to be a small series of blog posts about LD_PRELOAD. LD_PRELOAD is related to Linux based systems and revolves around the loader system and how shared object libraries resolve linker symbols when loading a dynami… Continue reading LD_PRELOAD – Introduction

How to configure Android (Virtual) for Mobile PenTest

This post is about setting up an Android Virtual Machine (AVD) for a mobile application penetration test.
The post How to configure Android (Virtual) for Mobile PenTest appeared first on Security Boulevard.
Continue reading How to configure Android (Virtual) for Mobile PenTest

Encryption – CISSP Domain 3

We’re circling back to some more CISSP-related materials.  Today’s topic will be encryption, which can be found in CISSP Domain 3. By its very nature, encryption is meant to hide the meaning or intent of a communication from unintended… Continue reading Encryption – CISSP Domain 3

Encoding – CISSP Domain 3

Today we’re going to take a quick look at encoding, as covered in Domain 3 of the CISSP common body of knowledge (CBK). There is often some confusion between encoding and encryption, so one of the purposes of this article is to look at how the CB… Continue reading Encoding – CISSP Domain 3

Einstein Told Us: Why User Awareness is NOT the right focus

“The definition of insanity is doing the same thing over and over again and expecting different results.” – Einstein (Well, not really!) Every day we hear another reason why user awareness (or better-named security awareness) is criti… Continue reading Einstein Told Us: Why User Awareness is NOT the right focus

Building Blocks: Professionally Evil Fundamentals Series

We at Secure Ideas love security education. What we enjoy even more is affordable security education. So we decided to start a Professionally Evil Fundamentals Video series. These are short definition videos related to information security and penetrat… Continue reading Building Blocks: Professionally Evil Fundamentals Series