Have you tried to compile the shellcode alone and ensure that it works? If not consider different payloads to ensure they work. After that once payload inserted step through the application and see if it moves accordingly to your payload with no bad chars etc. Sorry if this is just a repeat of what was already said. Could also mess without different paylaods using msfvenom

Interesting discussion but also gotta consider that these vulnerability scanners have configurations that can be fine tuned to be less noisy if the tester has indepth knowledge of what they are using.

Didn't know your personal feelings. So it's noted I take a comic for what it is a vague commentary on life. For sure you are right in what you described but I was just using the xkcd comic to shed light on the balance between a perfect policy and the human factor that you always need to consider and maybe weaken your policy for. I guess you consider it low brow humour and I apologize.

Also thanks for the added info via psych analyzing.

EDIT: Just giving an update the presentation went well everyone enjoyed it and luckily for me I was able to connect my presentation with the adobe leak of passwords so everything explained itself wonderfully. We discussed bad implementation of secure protocol basically via Adobe. All in all I would like to say thanks to everyone who posted , it got me in the right mindset to discuss a topic I've only just started to truly grasp.

So thanks again.

Thank you all for posting your thoughts. I will try and implement majority of the ideas and give a brief breakdown with the final presentation I come up with and for proxx here you go incase you haven't seen this.

Great advice,

I will tackle it exactly like that. Thanks a lot.

Hi everyone,

 My name is phunkpwnz I made an introduction some months ago. Long story short I'm a noob but interested in the broad field of infosec and all other extensions of it which is curiously enough everything. So I am interested in life. That being said I am presenting a topic for my schools infosec club and I am leaning toward talking about passwords.

 In particular how passwords cannot be naively thought as the only security policy and how you most definitely need other policies/protocols with it. And I compare it to lock picking how eventually the intruder will break into your house but the fact he is lock picking in a suspicious manner should trigger your other policy of A) alerting the police or  B) calling him out on his actions etc. Now this is good for those new to infosec but I am sure that there will be people who already know this and I was just curious as to what other things would people more immersed in the field be interested in hearing related to the topic?

I am also gonna add a few statistics about the rate of possible brute force attacks using cuda and known scripts and how to harden your system against it etc. But any other avenues I might look into to make my presentation a bit more interesting to the already initiated?

Thanks in advance.

TLDR? - Basically I have a presentation on passwords and I would like to know what intermediate or expert level people in the infosec/hacking/IT/generally knowledgeable might be interested in hearing about this topic.

