davidvandersluis.nl Report : Visit Site

Technical data of the davidvandersluis.nl

Geo IP provides you such as latitude, longitude and ISP (Internet Service Provider) etc. informations. Our GeoIP service found where is host davidvandersluis.nl. Currently, hosted in Netherlands and its service provider is Superior B.V. .

HTTP Header Analysis

HTTP Header information is a part of HTTP protocol that a user's browser sends to called Apache containing the details of what the browser wants and will accept back from the web server.

DNS

HtmlToText

david van der sluis - ethical hacking & web development 2.0 david van der sluis ethical hacking & web development 2.0 home about me projects wrapitallup! anatomy of an irc trojan / bot / backdoor apr.08, 2014 in general 1 comment as the security freak of the company, i often find gems in access or errorlogs. sometimes a plain old scanner, sometimes very sophisticated spiders. what most of the payloads have in common is: they are oftentimes obfuscated, ‘optimised’, encoded and what not. we recently began using modsecurity more aggressively and immediately the logs began filling themselves up. my colleague then pointed me to a very interesting attack, in which a practically non-obfuscated piece of php-code was being injected and asked me what happened here. fun, because it gave me an easy insight on the code, without having to deal with obfuscation and get to see the internal workings! [read the rest of this entry…] pwb / pwk oscp course feb.07, 2014 in general leave a comment i took the pwb and that was a wild ride! lots of stuff covered in the screencasts; the same and some more in the course pdf. this is not for the feint-hearted, though, and you need to have some developingskills in order to keep with the speed (aka $end_of_lab_time – now()) as the labs really are the key. important skills: developers mindset: there is not enough time in the labs to teach you basic programming pragmatics, but you certainly can learn this upfront and you should. don’t think you can learn do this within 60 days if your biggest experience with a pc is word and browsing reddit. linux skills. you really need to learn the cli, (file)permissions, environment, compiling of c and c++ thus also gcc shellscripting (bash, but you can use any language you want with a shebang line) python, a lot of exploits are written in the same style: //socket stuff //shellcode in a var (with possibly an egghunter-tag) //optionally some egghunter code //a certain amount of chars as the buffer to overflow on target //the ret address in the os, jmp esp into a var // socket.send(buffer + returnaddress + shellcode) or if there’s a need for an egghunter: // socket.send(shellcode + (buffer-len(shellcode)) + returnaddress + egghunter) you need to be comfortable with python, it’s indenting and tweaking exploit for other platforms and you’ll be creating tools of your own. i sometimes jumped the gun though, rapidly created some shellscript, when the course explained the working for nmap, to create logging/reports for each host while be able to scan whole subnets, only to find out about pbnj in the next chapter. perl, almost the same as above. reporting. you need to document everything, not only for the customer, but also to find attack vectors and connections wchih you would have not seen otherwise. patience. seriously. you have to be able to enumerate, enumerate, catalog data and enumerate some more. and if you have found a time-based mysqlinjection which is only reliable with a sleep of 5 seconds, you will want a reverse shell a.s.a.p, trust me. but this is why the course’s credo is “try harder”. the course taught me a lot and they did this in a fun way: explain concept practical approach to lab on target x “now you try on target y. hint: blabla” spend hours and hours to spot the difference and look for that tiny subtle thing r00t! and never forget this really worked for me and i certainly won’t forget the stuff i learned the hard way. now for those doing the oscp course: oscp prayer root@kali:/root# ./sayprayer.sh our nmap who is in /usr/bin/, hallowed be thy enumeration, your scans will come, your pbnj reporting will be done, on kali, as it is in backtrack 5. give us this day our holy apt-get upgrade, and forgive us our network tresspasses, as we punish those who trespass against us, and lead us not into temptation of the power of nessus, but deliver us our wireshark logs. for thine is the reporting, and the scanning, and root for ever and ever. amen. root@kali:/root# pwb has started! oct.16, 2013 in general 3 comments so it has begun… received my course material past sunday and i am happy to start! i succesfully connected to labs, but not after a ceremonial: root@kali:/#apt-get remove nessus root@kali:/#apt-get update root@kali:/#apt-get upgrade [read the rest of this entry…] offensive security certified professional jul.29, 2013 in general 3 comments as an avid fan of hackerchallenges and wargames (rootthisbox kind of games) in general, i have been using backtrack/ kali for quite a while now. packed with all kinds of 3rd party tools focussed on digital forensics & pentesting it was a true playground for me and i must say i know my way around in bt a bit and the possibilities it offers in the pentesting world. in my daily job, i work as a webdeveloper with a slight tin-foil hat on, because of my root in the security world, which my employer is very grateful of. i also am very interested in how i can secure myself and be as private as possible on the stuff that matters to me (ssl, tor, truecrypt, etc, etc). so lately i’ve been researching the courses the guys behind bt ( offensive security ) have to offer and came to the conclusion that the oscp-certification , with the precursor course “ penetration testing with backtrack ” would be a fun way to dive into the wonderful world of pentesting. reviews are all around (almost all of them very positive) and i must say i’m intrigued by the way the course gets you direct hands-on experience and the 24-hours exam is basically a black box labelled with “figure it out” unlike the other security certifications floating around. i hope i’ll learn a lot, but i’m already reprogrammed with a new motto i “heard somewhere”: “try harder” hacker challenges jan.17, 2013 in general , personal 5 comments wow. it has been quite some time since my last update here. i might aswell start using this place a little bit more often… today’s topic will be about: hacker challenges(the puzzle-kind). back in 2001, there was a website which intrigued me, made me look up all kinds of information on the internet and had a strong community: http://www.cyberarmy.com (just back online after years) this is where it all began, what made me go into it, what made me such a security-freak. it had a whole ranking system, a board/forum for each rank, increasingly getting more permissions with each rank increase, which initially could be done by beating the challenge for that rank in zebulun. with each increase in rank it would give you permission to view boards below you, even moderate posts at lower levels and it would gain you respect. you’d start out with a simple javascript challenge, talking to a bot (eliza! i still hate you!) with responses piped to an irc-channel for the giggles of those who already had beaten it, steganography, exploits, to even getting root in a box. i’ll never forget the excitement i felt when i finally progressed to “ltker” and the accompanying bragging rights. hackerchallenge-sites shot out of the ground with cyberarmy being the rolemodel (the pyramid, sers, net-force, slyfx, electrica, hackthissite, theblacksheep, i could go on for a while) and even got bundled and rated on hackerchallenges.net by angela byron (aka snarkles) snarkles (http://www.snarkles.net). angela was well-known throughout whole the (whitehat)hackercommunity and you should know her: she’s one of the co-maintainers of drupal! what made all these sites so succesful? * different kinds of areas on which to puzzle on (programming, cryptography, decompiling/reverse engineering, security holes, system-administration, steganography, mathematics, cracking, riddles). * a stimulus to keep on going (ranking, levels, getting more permission, scores, bragging rights amongst peers, etc). * incrementing the complexity smoothly : often a way in which the challenge stimulated into doing a lot of research before you could understand the problem, but also building on the blocks of stuff you learned before. * a community in which us nerds could communicate through. * optionally: a storyline , allthough a lot of the good sites were basically a collection of challenges, some had a catchy stoyline. all these sites made me curious, made me think out of the box, gave me hands-on experience on different programming-languages or -problems, taught me how to search for relevant information. i think it’s safe to say that these sites made me the developer as i am now. because most of us obviously registered on a lot of sites, there is a ‘the one challenge site to rule them all’, which is: wechall.net here you can link all the challenge-sites to your user and see the progress you made. and of course bragging rights on a desolate idle irc-channel. for us old ca-ers: please post your opinion on eliza… i think even after 7 years it’s still starts to boil your blood ;). finally certified! sep.01, 2009 in general leave a comment today i got to do the zend php5 certification exam. in preperation for it, i took the courses described in my previous post and i did the vulcan mock exam 6 times (and passed it 6 times). when i arrived at the test-centre, i got to know i was the only candidate, and i could take the exam anytime i wanted (read: earlier). my bag was taken in and then i was seated in a room with a computer, a plastic notepad and a sharpie. no camera’s and totally alone, i could have looked up anything on my phone with internet, but i did not: i can’t tell customers with a straight face i’m a zce if i would’ve looked up some questions. anyways, i was faced with an application which looked like an old windows 95 app, but at least with a decent mouse. zend could improve a lot in upgrading the interface, but i guess that’s not in their hand: pearson handles and administrates the exams. vulcan looks neater, and works way faster, but to give credit to the zend app: they indent their code-snippets better. the questions i got tasked with were not really different in complexity or obscurity than the mock exam, so i was done in about 35 minutes. i looked over the answers, and could fill in some blanks after i saw the same keyword later in another question. the zend app gives you the opportunity to go to the previous questions and change answers, so the review-checkmark doesn’t always have to be checked to review a previous questions. the most eye-twitching moment was when i hit the “end exam” – button: the computer started to rattle heavily and i got to see a dialog in which it calculated the score (just a progressbar) while i had covered my eyes in frustration. aarrrgghh!! finally it stated i had passed the exam: hooray! while i was alone in my genuine enjoyment. strolling to the desk i got to pick up my score report. now i’m facing a different challenge: to determine what the zce is worth. i could not find any good posts about it on the interwebs, but i guess i’ll have to find out by mere experience. if there are any questions in relation to the exam, ask them! zend certified engineer feb.06, 2009 in personal , projects 2 comments self development as you might know, i have been happily using php for like almost 6 years now. from php3 to php4 to php5, all with it’s own problems and perks. i never thought about looking into certification-course like microsoft’s or sun’s . uptil almost a year ago. zce’s speed course i’ll skip the boring part: so i’m currently following zend’s 90-day from noob to php-expert course. it basically consists of 4 main stages: php i foundations (basic syntax, operating, some functions, array handling…) 9 lessons, 2 hours php ii higher structures (classes (thus oop), design patterns, regex, database handling)9 lessons, 2 hours php5 certification training ( ehh well examtraining)9 lessons, 2 hours the exam itself. at first i was a little bit sceptic: would they be able to keep me awake during the class? right after the first e-mail conversation with a course manager (about if i could use my own ide), they offered me to skip php i, as my question indicated a higher level of experience then “beginner”, and let me pick an other class instead. for free. for your curiosity: i chose php security . all zend’s classes are online through a webex environment , and realtime. i don’t like the bugs and glitches (boo you, cisco!), but ah well: it worked. php ii: higher structures and so i started with php ii. the presenter, the lovely robyn overstreet , used a microphone and a kind of remote desktop view at her console, in which she presented the course-sheets, showed and run examples in her ide, etc. the participants could use a microphone, but a common practice was a chat window, to ask questions or discuss matter. i was amazed about the flexibility(and patience) of the presenter. allthough the lessons were not really new to me, it still learned me some little pittfalls and at the least it refreshed some stuff. the discussion i had were of good quality (and that’s worth something aswell), but i guess the discovery that michael kimsal was not a participant himself but merely auditing robyn explained some stuff aswell i guess. php5 certication training the php5 certication training was a different story. at first the presenter, again robyn, refreshed php5 basics. but then there were the pop-quizes, which occurred predictably after each covered topic. every question seemed either too easy to be true(which was the case 98% of the time) or impossible to solve. it was here aswell i learned to examine a problem from every angle. allthough the problems weren’t always reallife-examples, whats will be printed? $a = 'b'; $b = 'c'; $c = 'a'; echo $$$$$$$$$b; they gave a good enough indication where to look at when developing an application. because we covered almost all php5 topics, and a popquiz appeared right after it, i got to know a common trap for each and every section, and most of the time we spiralled down into problems popping up in the discussion(which was positive, really!). at the end we made a test-examn and reviewed it. exam not much to say yet, because i didn’t take the exam yet. only thing i can tell is that i took 2 vulcan mock-exams and passed nicely. the php|architect’s claim the mock-exam is actually harder then the real exam, got burned down by a course-mate(rodrigo)…… maybe you readers could tell me your experiences of zce? personal blog online jan.25, 2009 in general 3 comments heya all, i finally took it up and pushed myself to make a blog about myself. i will be using this place to share links, projects, resume and some non-organised stuff i feel i have to share with the netizens. if you want to share something, dump a link or hire me: feel free to contact me at: david [\a\t] davidvandersluis [d.o.t.] nl. welcome anything expressed on this blog is an opinion of the poster, and not a fact per se. enjoy your stay. categories general personal projects meta log in valid xhtml wordpress sponsors blogroll bitcoinfoundation the bitcoin foundation dynamic regex tester test your regular expressions, works like a charm. my linkedin my linkedin net-force.nl hacker challenges, learn hacking, pentesting, ctf sql designer (online) a neat sql erd designer, made dynamic with javascript the daily wtf obligatory readings for programmers. laugh about others and pray you’ll never end as an article there. archives april 2014 february 2014 october 2013 july 2013 january 2013 september 2009 february 2009 january 2009 tag cloud © 2008 david van der sluis - wordpress themes full rss - comments rss

URL analysis for davidvandersluis.nl

http://www.davidvandersluis.nl/personal-blog-online/#comments
http://www.davidvandersluis.nl/2014/04/
http://www.davidvandersluis.nl/php-function-flashcards/
feed:http://www.davidvandersluis.nl/feed/
feed:http://www.davidvandersluis.nl/comments/feed/
http://www.davidvandersluis.nl/2009/02/
http://www.davidvandersluis.nl/finally-certified/
http://www.davidvandersluis.nl/personal-blog-online/
http://www.davidvandersluis.nl/anatomy-of-an-irc-bot-backdoor/
http://www.davidvandersluis.nl/category/projects/
http://www.davidvandersluis.nl/2013/10/
http://www.davidvandersluis.nl/pwb-has-started/#comments
http://www.davidvandersluis.nl/hacker-challenges/#comments
http://www.davidvandersluis.nl/about/
http://www.davidvandersluis.nl/zend-certified-engineer/#comments

Whois Information

Whois is a protocol that is access to registering information. You can reach when the website was registered, when it will be expire, what is contact details of the site with the following informations. In a nutshell, it includes these informations;

Domain name: davidvandersluis.nl
Status: active

Registrar:
Hosting2GO B.V.
Baronielaan 92
4818RC BREDA
Netherlands

Abuse Contact:

DNSSEC: yes

Domain nameservers:
ns1.hosting2go.nl
ns2.hosting2go.nl

Record maintained by: NL Domain Registry

Copyright notice
No part of this publication may be reproduced, published, stored in a
retrieval system, or transmitted, in any form or by any means,
electronic, mechanical, recording, or otherwise, without prior
permission of the Foundation for Internet Domain Registration in the
Netherlands (SIDN).
These restrictions apply equally to registrars, except in that
reproductions and publications are permitted insofar as they are
reasonable, necessary and solely in the context of the registration
activities referred to in the General Terms and Conditions for .nl
Registrars.
Any use of this material for advertising, targeting commercial offers or
similar activities is explicitly forbidden and liable to result in legal
action. Anyone who is aware or suspects that such activities are taking
place is asked to inform the Foundation for Internet Domain Registration
in the Netherlands.
(c) The Foundation for Internet Domain Registration in the Netherlands
(SIDN) Dutch Copyright Act, protection of authors' rights (Section 10,
subsection 1, clause 1).

  REFERRER http://www.domain-registry.nl

  REGISTRAR Stichting Internet Domeinregistratie NL

SERVERS

  SERVER whois.domain-registry.nl

  ARGS davidvandersluis.nl

  PORT 43

  TYPE domain

DOMAIN

  NAME davidvandersluis.nl

  STATUS active

SPONSOR
Hosting2GO B.V.
Baronielaan 92
4818RC BREDA
Netherlands
Abuse Contact:
DNSSEC: yes

NSERVER

  NS1.HOSTING2GO.NL 83.137.192.136

  NS2.HOSTING2GO.NL 217.170.1.249

  REGISTERED yes

Mistakes

The following list shows you to spelling mistakes possible of the internet users for the website searched .