Book Released: Web Hacker Boot Camp

Web Hacker Boot Camp
by Gerald Quakenbush
ISBN: 097684071X, 236 pages, $39.95
Sample Chapter (PDF) - Downloads

Order from Amazon.com

Some of the most serious security flaws on the Internet today are application-layer flaws in custom web applications. Such vulnerabilities undermine all other system hardening efforts. While techniques to exploit application-layer flaws are common among hackers, most security professionals have little experience with them.

ZombieVM

Hackers often penetrate poorly protected systems and turn them into zombies. These zombie computers can then be utilized as relay or proxy systems to aid the hacker in obfuscating his or her tracks. Or they might be used in distributed denial of service attacks.

StealthVNC

StealthVNC is a slightly modified version of the popular VNC tool. It is far from a bona fide rootkit, and it really does need some work, but it is a handy tool for pentesters. But beware: I used an older version of the source, and at least one of the mods introduces some vulnerabilities, so use it with caution.
Here are the essential changes made:

MasterBugs

I originally wrote MasterBugs as a proof-of-concept program. For a few years, it was buried deep on my hard drive until one day I needed a program whereby I could demonstrate various application-layer security flaws. After some updating to add flaws to MasterBugs, it served the purpose. I continue to add flaws to the program.

Downloads

Downloads for Web Hacker Boot Camp

**CAUTION**
These files and programs are DESIGNED TO HAVE SECURITY FLAWS. Using them on production systems or systems that are merely connected to the Internet is just plain dumb. These programs are for educational use and should only be used in a carefully controlled environment.

Other tools you will need include:



ASAToolbox Pre-Alpha Release

This download is intended for friends and associates – but you all are welcome to it. I'm working on a suite of integrated tools to assist INFOSEC professionals in testing web applications. These will be released under an open source license. At this time, I do not intend these tools to be used by anyone other than those who are assisting me with tests, etc.