Practical 'Hacking' ResourcesBuffer Overflow BasicsOne of the most commonly occuring security attacks is the 'buffer overflow'. This section describes the basics of buffer, heap, and stack overflows.Smashing the Stack for Fun and Profit - One of the classic papers by Aleph One How to write Buffer Overflows - Another classic paper by Mudge Buffer Overflows - collection of papers on buffer overflows and related topics Heap, Stack, and Buffer Overflows - another collection Shellcode BasicsOnce the buffer has been overflowed, the attacker needs to supply some code to be executed. This section describes the basics of how to create this 'shellcode'.Designing Shellcode Demystified lsd-pl - Writing shellcode for various architectures Sined - Multi-platform shellcode examples OpenBSD shellcodes - Shellcode examples for OpenBSD Port/Vulnerability ScanningHere is a collection of automated 'scanning' tools that are useful to both attackers and network administrators.Top 75 Network Security Tools - Top 75 network security tools, according to Fyodor Nmap - Port scanner (by Fyodor) Nessus - Vulnerability scanner (by Renaud Deraison) Nikto - CGI Scanner based on libWhisker (by Rain Forest Puppy) Exploit CollectionsThese links contain pre-written exploits, often from underground origins. While these are interesting to look at, I advise taking precautions before running any of these on your machine. Also it's obvious that these, or any exploits, should not be used to break into any machines that don't belong to you.Packetstorm Security - A reputable place to find advisories, tools, and exploits Digital Information Society - Collection of tools and exploits security.nnov.ru - Fairly updated collection of advisories and exploits Fyodor's Exploit World - Slightly old collection of exploits, from the maker of nmap Packet-X - Another exploit collection WargamesHere's where you can practice what you've learned..   legally!HackersLab RootWars Wargames DataFort Hacking Contest hack this site! HH - List of Wargames List of Wargames Mod-X Scan of the Month Try2Hack NGSEC security games |