Results 1 to 2 of 2

Thread: email I received: new magazine, Hackademy Journal

  1. #1
    Senior Member
    Join Date
    Feb 2003

    email I received: new magazine, Hackademy Journal

    I received the following email, and thought you all might like to see it:

    The Hackademy starts an international hacker magazine

    Paris, France - April 29, 2004 -- Created in France two years ago by a
    group of hackers, The Hackademy Journal, first printed magazine for
    French-speaking "White Hat" hackers, is now available in English

    With a high technical level (full contents below), this international
    publication is intended for a professional audience of computer users,
    programmers, system and network administrators, security specialists,
    etc. who wish to know, from a hacker viewpoint, what are the latest
    attacks and protection techniques.

    "The Hackademy Journal [International Premium Edition]" is published
    quarterly and is available by subscription worldwide.

    or +33

    More information on the Hackademy Journal international web site:

    About The Hackademy

    This magazine is published by DMP Editions. DMP already publishes
    the French edition of the Hackademy Journal in France, Switzerland,
    Belgium and Canada. But DMP is best known because they started the
    Hackademy, the first IT security training center where classes are
    given by members of the hacker community.

    Contents of The Hackademy Journal issue #1

    * Honeypots

    Honeypot Detection
    To be really efficient, honeypots and honeynets must look exactly
    like regular systems and networks. However, current honeypot
    technologies can be detected, thus allowing a skilled hacker to avoid
    the trap and retreat early.

    Setting up a fake socks proxy
    Who uses anonymous public proxies and for what purpose? In most cases
    it is spam. Next come denial of service attacks, and to a lesser
    extent certain legitimate uses for anonymous purposes. This article
    will give you the technical means to supervise these schemes and at
    the same time complicate life for spammers and flooders.

    Who are the Spammers ?
    Here are a few interesting facts that we discovered using the
    honeypot described on the previous page. You will see that spammers
    are the primary users of public proxies, and that you can easily fool
    them with a fake server. And maybe even learn more about who they are
    and how they work...

    Spammers' Software Arsenal
    This test helped us better understand some of the methods used for
    generating spam. Here are the most interesting.

    * Web security

    (My)SQL Injection with PHP
    SQL injection is a very widespread security flaw on the Web and is
    very easy to exploit even without extensive technical knowledge. Yet
    it is extremely dangerous because it allows to directly manipulate
    site databases. This leads to numerous possibilities: data theft,
    display of passwords, illegitimate authentication to a service, etc.
    This article explains the risks generated by interactions between PHP
    and a MySQL database.

    Eliminating SQL Injection
    This article discusses how to write secure PHP programs in order to
    avoid the numerous attack possibilities of "SQL injection" breaches.

    * Penetration Testing

    Foiling anti-buffer overflow protections
    By setting up a realistic, concrete case within an online challenge
    open to all, we wanted to show that it was possible to exploit a
    security flaw to remotely enter a server protected by PaX and
    grsecurity. Let us see how the combination of a few techniques, well
    known or developed for the occasion, enable this attack. This article
    will be useful not only to intrusion test professionals, who will
    find effective, fairly universal techniques, but also to system
    administrators and decision-makers asking themselves the following
    questions: is it advantageous to use kernel security add-ins such as
    PaX ? What are the limitations? How can I complement them to make
    them even more effective?

    Interview with the PaX team

    * Newbie Area

    Remotely cracking passwords
    Automated software allows kiddy-programs to easily crack
    poorly-protected accounts, be they for FTP access, e-mail, or a Web
    service? It is better to test for yourself the robustness of your
    passwords before a malicious hacker does it for you.

    Forensic analysis with Autopsy
    Erasing a file does not remove all traces of its existence. Autopsy
    is a complex tool for analyzing disks that have been attacked. We
    will use it to recover a deleted file. Windows users can also benefit
    from it without having to install Linux thanks to the Knoppix

    * Windows userland subversion

    PE header
    A thorough understanding of the PE format helps you analyze and
    modify programs in depth. Be it for patching memory, unpacking a
    virus, or modifying the sections of a program - such as the one
    containing the imported functions table.

    Injecting and executing code in another process
    Injecting code in an application allows to acquire its privileges and
    alter its operation. Under Windows, this makes it possible to work
    around personal firewalls, or to intercept sensitive data such as
    passwords stored in memory. Injecting code is also among the first
    steps required to hijack an API.

    Redirecting API calls
    The interception of calls to Windows system functions to change the
    behavior of an external application is more and more widespread. Very
    useful for debugging, it also opens the way to other, less innocent
    uses: spying on communications, inserting hidden accesses in existing
    processes, camouflaging abnormal system activities ("userland

    Practical demonstration of API hooking
    The methods for injecting code and hijacking APIs could be put into
    practice to create Trojan horses. Our sample code shows how it is
    possible to hijack network traffic in order to retrieve a user's ID
    data from his mail server, while hiding the registry keys required to
    launch it automatically. The dangers represented by these innovative
    techniques (spying, hidden access, camouflage) are all too real.

    Olivier Spinelli


    |--- 100 % White Hat Hacking ---
    | The Hackademy Journal
    | 26 bis, rue Jeanne d'Arc
    | 94160 Saint Mande - France
    | Phone : +33
    | Fax : +33

  2. #2
    Senior Member
    Join Date
    Feb 2003
    Memphis, TN
    Sounds like ikt might be a decent magazine.

    I think I wouild like to only get one or two issues though before committing to a full year, just in case its a bunch of BS.

    It sounds pretty cool though.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts