Home » Posts tagged 'fun'
Tag Archives: fun
Fun with Rapid Miner
I fired up my Rapid Miner 5.1 and discovered a tonne of features that I cant do with (cough) other software. I think I need to get some training in this or even a live project so I can write more on Rapid Miner.
You need to view in full screen mode if you want to see what I am doing.
Background Music is unrelated!
Download Decisionstats
I was picking up some funny activity on my web analytics, so to make it easier for readers, here is the entire Decisionstats wordpress xml file zipped. You can download it, unzip and then read it in any wordpress reader to read at your leisure.
decisionstats.wordpress.2012-06-14.xml
Have fun
Updated- There seems to be unusual traffic activity on my poetry blog To make it more convenient for readers , you can download that as a zipped WordPress XML file here-
poemsforkush.wordpress.2012-06-14.pdf
How to learn Hacking Part 2
Now that you have read the basics here at
http://www.decisionstats.com/how-to-learn-to-be-a-hacker-easily/
(please do read this before reading the below)
Here is a list of tutorials that you should study (in order of ease)
1) LEARN BASICS – enough to get you a job maybe if that’s all you wanted.
http://www.offensive-security.com/metasploit-unleashed/Main_Page
2) READ SOME MORE-
Lena’s Reverse Engineering Tutorial-”Use Google.com for finding the Tutorial“
Lena’s Reverse Engineering tutorial. It includes 36 parts of individual cracking techniques and will teach you the basics of protection bypassing
01. Olly + assembler + patching a basic reverseme
02. Keyfiling the reverseme + assembler
03. Basic nag removal + header problems
04. Basic + aesthetic patching
05. Comparing on changes in cond jumps, animate over/in, breakpoints
06. “The plain stupid patching method”, searching for textstrings
07. Intermediate level patching, Kanal in PEiD
08. Debugging with W32Dasm, RVA, VA and offset, using LordPE as a hexeditor
09. Explaining the Visual Basic concept, introduction to SmartCheck and configuration
10. Continued reversing techniques in VB, use of decompilers and a basic anti-anti-trick
11. Intermediate patching using Olly’s “pane window”
12. Guiding a program by multiple patching.
13. The use of API’s in software, avoiding doublechecking tricks
14. More difficult schemes and an introduction to inline patching
15. How to study behaviour in the code, continued inlining using a pointer
16. Reversing using resources
17. Insights and practice in basic (self)keygenning
18. Diversion code, encryption/decryption, selfmodifying code and polymorphism
19. Debugger detected and anti-anti-techniques
20. Packers and protectors : an introduction
21. Imports rebuilding
22. API Redirection
23. Stolen bytes
24. Patching at runtime using loaders from lena151 original
25. Continued patching at runtime & unpacking armadillo standard protection
26. Machine specific loaders, unpacking & debugging armadillo
27. tElock + advanced patching
28. Bypassing & killing server checks
29. Killing & inlining a more difficult server check
30. SFX, Run Trace & more advanced string searching
31. Delphi in Olly & DeDe
32. Author tricks, HIEW & approaches in inline patching
33. The FPU, integrity checks & loader versus patcher
34. Reversing techniques in packed software & a S&R loader for ASProtect
35. Inlining inside polymorphic code
36. Keygenning
If you want more free training – hang around this website
http://www.owasp.org/index.php/Cheat_Sheets
OWASP Cheat Sheet Series
- OWASP Top Ten Cheat Sheet
- Authentication Cheat Sheet
- Cross-Site Request Forgery (CSRF) Prevention Cheat Sheet
- Transport Layer Protection Cheat Sheet
- Cryptographic Storage Cheat Sheet
- Input Validation Cheat Sheet
- XSS Prevention Cheat Sheet
- DOM based XSS Prevention Cheat Sheet
- Forgot Password Cheat Sheet
- Query Parameterization Cheat Sheet
- SQL Injection Prevention Cheat Sheet
- Session Management Cheat Sheet
- HTML5 Security Cheat Sheet
- Web Service Security Cheat Sheet
- Application Security Architecture Cheat Sheet
- Logging Cheat Sheet
- JAAS Cheat Sheet
Draft OWASP Cheat Sheets
- Access Control Cheat Sheet
- REST Security Cheat Sheet
- Abridged XSS Prevention Cheat Sheet
- PHP Security Cheat Sheet
- Password Storage Cheat Sheet
- Secure Coding Cheat Sheet
- Threat Modeling Cheat Sheet
- Clickjacking Cheat Sheet
- Virtual Patching Cheat Sheet
- Secure SDLC Cheat Sheet
3) SPEND SOME MONEY on TRAINING
http://www.corelan-training.com/index.php/training/corelan-live/
Course overview
Module 1 – The x86 environment
- System Architecture
- Windows Memory Management
- Registers
- Introduction to Assembly
- The stack
Module 2 – The exploit developer environment
- Setting up the exploit developer lab
- Using debuggers and debugger plugins to gather primitives
Module 3 – Saved Return Pointer Overwrite
- Functions
- Saved return pointer overwrites
- Stack cookies
Module 4 – Abusing Structured Exception Handlers
- Abusing exception handler overwrites
- Bypassing Safeseh
Module 5 – Pointer smashing
- Function pointers
- Data/object pointers
- vtable/virtual functions
Module 6 – Off-by-one and integer overflows
- Off-by-one
- Integer overflows
Module 7 – Limited buffers
- Limited buffers, shellcode splitting
Module 8 – Reliability++ & reusability++
- Finding and avoiding bad characters
- Creative ways to deal with character set limitations
Module 9 – Fun with Unicode
- Exploiting Unicode based overflows
- Writing venetian alignment code
- Creating and Using venetian shellcode
Module 10 – Heap Spraying Fundamentals
- Heap Management and behaviour
- Heap Spraying for Internet Explorer 6 and 7
Module 11 – Egg Hunters
- Using and tweaking Egg hunters
- Custom egghunters
- Using Omelet egghunters
- Egghunters in a WoW64 environment
Module 12 – Shellcoding
- Building custom shellcode from scratch
- Understanding existing shellcode
- Writing portable shellcode
- Bypassing Antivirus
Module 13 – Metasploit Exploit Modules
- Writing exploits for the Metasploit Framework
- Porting exploits to the Metasploit Framework
Module 14 – ASLR
- Bypassing ASLR
Module 15 – W^X
- Bypassing NX/DEP
- Return Oriented Programming / Code Reuse (ROP) )
Module 16 – Advanced Heap Spraying
- Heap Feng Shui & heaplib
- Precise heap spraying in modern browsers (IE8 & IE9, Firefox 13)
Module 17 – Use After Free
- Exploiting Use-After-Free conditions
Module 18 – Windows 8
- Windows 8 Memory Protections and Bypass
ALSO GET CERTIFIED
http://www.offensive-security.com/information-security-training/penetration-testing-with-backtrack/
($950 cost)
the syllabus is here at
http://www.offensive-security.com/documentation/penetration-testing-with-backtrack.pdf
4) HANG AROUND OTHER HACKERS
At
http://attrition.org/attrition/
or The Noir Hat Conferences-
http://blackhat.com/html/bh-us-12/training/bh-us-12-training_complete.html
or read this website
http://software-security.sans.org/developer-how-to/
5) GET A DEGREE
Yes it is possible
See
http://web.jhu.edu/jhuisi/
The Johns Hopkins University Information Security Institute (JHUISI) is the University’s focal point for research and education in information security, assurance and privacy.
Scholarship Information
The Information Security Institute is now accepting applications for the Department of Defense’s Information Assurance Scholarship Program (IASP). This scholarship includes full tuition, a living stipend, books and health insurance. In return each student recipient must work for a DoD agency at a competitive salary for six months for every semester funded. The scholarship is open to American citizens only.
http://web.jhu.edu/jhuisi/mssi/index.html
MASTER OF SCIENCE IN SECURITY INFORMATICS PROGRAM
The flagship educational experience offered by Johns Hopkins University in the area of information security and assurance is represented by the Master of Science in Security Informatics degree. Over thirty courses are available in support of this unique and innovative graduate program.
———————————————————–
Disclaimer- I havent done any of these things- This is just a curated list from Quora so I am open to feedback.
You use this at your own risk of conscience ,local legal jurisdictions and your own legal liability.
SAS Institute Financials 2011
SAS Institute has release it’s financials for 2011 at
http://www.sas.com/news/preleases/2011financials.html
,
Revenue surged across all solution and industry categories. Software to detect fraud saw a triple-digit jump. Revenue from on-demand solutions grew almost 50 percent. Growth from analytics and information management solutions were double digit, as were gains from customer intelligence, retail, risk and supply chain solutions
AJAY- and as a private company it is quite nice that they are willing to share so much information every year.
The graphics are nice ( and the colors much better than in 2010) , but pie-charts- seriously dude there is no way to compare how much SAS revenue is shifting across geographies or even across industries. So my two cents is – lose the pie charts, and stick to line graphs please for the share of revenue by country /industry.
In 2011, SAS grew staff 9.2 percent and reinvested 24 percent of revenue into research and development
AJAY- So that means 654 million dollars spent in Research and Development. I wonder if SAS has considered investing in much smaller startups (than it’s traditional strategy of doing all research in-house and completely acquiring a smaller company)
Even a small investment of say 5-10 million USD in open source , or even Phd level research projects could greatly increase the ROI on that.
That means
Analyzing a private company’s financials are much more fun than a public company, and I remember the words of my finance professor ( “dig , dig”) to compare 2011 results with 2010 results.
http://www.sas.com/news/preleases/2010financials.html
The percentage invested in R and D is exactly the same (24%) and the percentages of revenue earned from each geography is exactly the same . So even though revenue growth increased from 5.2 % to 9% in 2011, both the geographic spread of revenues and share R&D costs remained EXACTLY the same.
The Americas accounted for 46 percent of total revenue; Europe, Middle East and Africa (EMEA) 42 percent; and Asia Pacific 12 percent.
Overall, I think SAS remains a 35% market share (despite all that noise from IBM, SAS clones, open source) because they are good at providing solutions customized for industries (instead of just software products), the market for analytics is not saturated (it seems to be growing faster than 12% or is it) , and its ability to attract and retain the best analytical talent (which in a non -American tradition for a software company means no stock options, job security, and great benefits- SAS remains almost Japanese in HR practices).
In 2010, SAS grew staff by 2.4 percent, in 2011 SAS grew staff by 9 percent.
But I liked the directional statement made here-and I think that design interfaces, algorithmic and computational efficiencies should increase analytical time, time to think on business and reduce data management time further!
“What would you do with the extra time if your code ran in two minutes instead of five hours?” Goodnight challenged.
Mafia Wars 2 -The review of the new game on G+
Mafia Wars2 tries to be Steve Jobs working on a PC. It substitutes storyline for fancier graphics, smoother icons and design, and the numeric fun of piling up scores is almost gone. Did you mention social gaming- there are hardly any incentives for “social” part of the game. It looks like a gaudy Vegas twist to a beloved franchise.
Leave sequels to the boys in Hollywood, Pincuss/Zynga- You will need to be much more original to create the next blockbuster. Of course given the size of Zynga’s captive addict-base, the game will be a hit. But it will be a hit more like Transformers 3 , than likes of Blade Hunter or Terminator 2.
May we suggest another NEW game , than rebooting the squeezed lemon juice of a beloved and now departed friend-chise.
ps The song is irritating too. and the skimpy clad players are insulting.
More fun on Google Plus
I have been posting cool stuff from my G+ stream almost since the social network got released so continuing the series of posts on great stuff I get in my Google Plus stream
Anna Rumiantseva originally shared this post:Please share if you like!
Jay Jaboneta originally shared this post:Jay Jaboneta changed his profile photo.
http://www.sltrib.com/sltrib/news/52574438-78/story.csp?page=1
Rupesh Nandy originally shared this post:
David Smith originally shared this post:
Marcelo Almeida originally shared this post:
But Willie Nelson rules them all
https://www.youtube-nocookie.com/v/aMfSGt6rHos?version=3&hl=en_US&rel=0
- see earlier posts at
http://decisionstats.com/best-of-google-plus-week-1-top10/
http://www.decisionstats.com/best-of-google-plus-week-2-top-10/
-
http://www.decisionstats.com/the-best-of-google-plus-week-3-top-10/
http://www.decisionstats.com/funny-stuff-on-google-plus/
http://www.decisionstats.com/fun-with-google-plus/
