Top-notch cybersecurity magazine

The modern TCP/IP protocol stack includes plenty of tunneling protocols. Normally, they are used to expand production networks and build infrastructure. But in this research, I will use them as pentesting tools.

In the course of a pentesting audit, you often have to simulate phishing attacks. This article provides a step-by-step guide to deploying infrastructure for such simulation. You will learn how to create a mail server from scratch, install and configure the Evilginx reverse proxy, and then integrate it with the Gophish phishing framework. At the end, a practical example of phishing attack is presented: you will intercept login, password, and session cookies and consequently bypass two-factor authentication.

MikroTik devices are widely used in corporate networks, but in most cases they aren’t properly configured, which opens the door to various attacks. This article discusses basic RouterOS security concepts, including protection against spoofing, traffic handling, and attacks on control panels.

Immediately after getting access to the target system, the attacker tries to disable its audit tools to remain undetected as long as possible. In this article, I will explain how to blind Windows monitoring tools by manipulating the Event Tracing for Windows (ETW) subsystem.