"Welcome to the Useful Hacking Series, a set of useful security tips in 20 Episodes"

- Paula Januszkiewicz


Useful Hacking Series - by Paula Januszkiewicz

/>
Welcome to the Useful Hacking Series, a set of useful security tips in 20 Episodes presented by Paula Januszkiewicz, penetration tester, MVP and top speaker on international events. Paula is more than happy to share with you the most useful tips from the security audits field.....

"The goal of the series is not only to be a support in the everyday administrative tasks, but also to encourage experiments, show useful tools, inspire to create your own solutions and have fun with technology.
We call the series the "hacking" for the good guys. Enjoy!"

- Paula Januszkiewicz

  

Episode 9: Sniffing and replaying ADFS claims with Fiddler! 

In this episode we are going look into the process authentication with ADFS. We will use “Fiddler” - free web debugging proxy tool to analyze network conversation between website to which user is authenticating and its web browser. This is a very useful tool for troubleshooting ADFS authentication problems and we will learn what the attacker using man-in-the-middle (MITM) attack can see and do and how to prevent token replay attack.

Download episode 9

Vil du lære mer - sjekk ut følgende relevante MasterClasser:

– MasterClass: ADFS Administration and Deployment
– MasterClass: Troubleshooting Windows Infrastructure – From Zero to Hero
– MasterClass: Public Key Infrastructure Management

Episode 8: Memory Analysis Guide: Part Two – Extracting the Juice! 

This episode is a short discussion about how to make the memory useful. The episode is part 2 out of 3 about memory analysis. If you want more - let us know to Twitter @CQUREAcademy.
In "Episode 5 – Memory Analysis Guide: Part One" you have learned how to perform the memory dump. For this episode we assume that you have made your dump and that you will use it for the today’s analysis! 

Download episode 8

Vil du lære mer - sjekk ut følgende relevante MasterClasser:

MasterClass: Hacking and Securing Windows Infrastructure
MasterClass: Troubleshooting Windows Infrastructure: From Zero to Hero
MasterClass: System Forensics and Incident Handling – NEW!
MasterClass: Microsoft Advanced Threat Analytics (ATA) Implementing and Managing - NEW!

Episode 7: Exporting not-exportable – technique for grabbing from certificate its private key that has been made not exportable.

How could it be? “Not exportable!” he said. He did not know that he should never say no to a woman in crisis of exporting private key from the certificate! So that’s how the story starts!

Download episode 7 

Vil du lære mer om temaet?
Sjekk vår MasterClass: PKI Deployment

Episode 6: Measuring Web Server’s Performance - Taste of Denial of Service! 

This Episode will work exactly like a good morning workout - it is a panacea for a bad mood and morning stress. We will simply stress our Web Servers a bit and see how they handle big traffic. The goal is to show you how to set up a simple test and deliver it in 10 minutes! Web logs of the web servers give you the possibility to perform the traffic analysis over time, but how can you estimate how much traffic your infrastructure can handle?

Download episode 6 

Vil du lære mer om temaet?
Sjekk vår MasterClass: Troubleshooting Windows Infrastructure: From Zero to Hero

Episode 5: Memory Analysis Guide: Part One - Memory Dump

If you have already started to wonder why I have decided to divide the subject into 3 parts, the reason is pretty simple: memory analysis is such a huge subject that putting everything into one episode will make your morning coffee last for the whole day! And we still need to work, right? 

Acquiring and analyzing physical memory as done by forensics professionals is a skill crucial to understanding how an operating system works or worked during the incident. For hobbyists, working with memory can be useful to perform troubleshooting and understand how certain solutions work. The valuable content contains evidence of user actions, hacker's tasks, malicious code behaviors, and the story of what happened on a system. Within these 3 parts of memory analysis Useful Hacking Series episodes, you will become familiar with the methods for memory acquisition, techniques for grabbing the juicy data, and why it is so amazing to find someone's memory dump!

Download episode 5

Episode 4: Network Sniffing Techniques

Have you ever wondered what is causing THAT traffic on your network interface card? The network administrators tend to perform network traffic monitoring by capturing the network data and analyzing the packets being sent from one server to another. In this episode, we will discuss how to capture and analyze network traffic using the Network Monitor, NetworkMiner and logman tools.

Download episode 4

Episode 3: How to sniff HTTPS – the ultimate guide to sniff logon credentials

This episode is super concrete: today we are going to play with sniffing the HTTPS traffic using ETW – Event Tracing for Windows, a framework that provides logging capabilities with very little overhead to run-time performance.

Download episode 3

Episode 2: How to steal Kerberos Tickets?

Hi Security Enthusiasts! Today is the time to play a little bit with Kerberos tickets. Actually, we’re stealing them! Within our Episodes we will be discussing passwords several times, but this time let’s raise the bar a bit....

Download episode 2

Vil du lære mer om temaet?
Sjekk vår MasterClass: Hacking and Securing Windows Infrastructure

Episode 1: How to Reset Admin’s Password… Illegally

Hi Security Passionate!  Today is time to play a little bit with offline access combined with the need to solve the problem. How many times did you open the old virtual machine and struggled with the administrative account password? How many times you have been into this situation in the production environment? So get your virtual machine ready – install Windows (whatever version that came after the year 2007), have the ISO image of Windows 7 or 2008 R2 or higher ready and let’s get ready to ramble! 

Download episode 1 

Vil du lære mer om temaet?
Sjekk vår MasterClass: Hacking and Securing Windows Infrastructure

 
 

 

Epost mottat


Du er nå meldt på nyhetsbrevlisten

Epost mottat


Du er nå meldt på nyhetsbrevlisten

Kontakt oss

Business Manager IT Pro

Hroar Henriksen

916 70 066

hroar@glasspaper.no


Glasspaper er kåret til Årets Microsoft Kurspartner 2017 - dette er åttende år på rad vi mottar denne hedersprisen