HackMag – Tech magazine for cybersecurity specialists

Custom fabrication. Reversing D-Link router firmware

Date: 02/04/2025

Author: 41exey

When you create custom firmware for routers, you often have to forge the signature so that your handmade microcode can be flushed using the stock web interface. To forge a signature, you must be familiar with the image validation procedure in the stock firmware. To get a general idea of this process, let’s reverse firmware embedded into the D-Link DIR-806A B1 router and find out how signature validation is implemented in it.

Read full article →

Hackers abuse MU plugins to inject malicious payloads to WordPress

📟 News

Date: 01/04/2025

Author: HackMag

According to Sucuri, hackers store malicious code in the MU-plugins (Must-Use Plugins) directory in WordPress and execute it while remaining undetected.

Read full article →

Save me. How to protect networks against spoofing attacks

Date: 31/03/2025

Author: Caster

Spoofing attacks are simple to deliver, and their impact is gross. This article discusses such attacks from the security perspective. The main challenge is to intelligently integrate network security solutions with production without disrupting business processes. Such integration requires a good understanding of the network and equipment specifics. In fact, this is the cornerstone of success.

Read full article →

Zero-day vulnerability in Windows results in NTLM hash leaks

📟 News

Date: 28/03/2025

Author: HackMag

Security experts reported a new zero-day vulnerability in Windows that enables remote attackers to steal NTLM credentials by tricking victims into viewing malicious files in Windows Explorer.

Read full article →

Cloudflare to block all unencrypted traffic to its APIs

📟 News

Date: 26/03/2025

Author: HackMag

According to Cloudflare, effective immediately, only secure HTTPS connections to api.cloudflare.com will be accepted; while all HTTP ports are to be closed.

Read full article →

Serpent anatomy: Dissecting and reversing PyInstaller

Date: 25/03/2025

Author: JaboHack

Humanity has created a whole bestiary of scripting languages with low learning curves in an attempt to make the IT world accessible to ~~imbeciles~~ newbies who have completed a month-long course. Without question, Python is currently the king of beasts in this bestiary. The creeping reptile has entangled the entire IT industry with its rings so much that even a neural network cannot be trained without it. If so, time has come to dissect the serpent and look at its insides. Let’s start with a technology called PyInstaller.

Read full article →

Alexa to stop processing data locally. All voice requests will be sent to Amazon Cloud

📟 News

Date: 24/03/2025

Author: HackMag

Amazon announced that the privacy option allowing users of Echo speakers to avoid sending their voice recordings to the company’s cloud will no longer be supported.

Read full article →