HackMag – Tech magazine for cybersecurity specialists

Puzzle solving. Writing custom JavaScript deobfuscator

Date: 17/06/2025

Author: JaboHack

Today, I am going to demonstrates that JavaScript obfuscation can be removed even in situations when sophisticated deobfuscators are useless. You will learn an effective research technique that can be applied to obfuscated code and write your own deobfuscator.

Read full article →

Self-defense for hackers. Catching intruders at the network level

Date: 14/06/2025

Author: s0i37

This article presents a number of simple but effective computer self-defense techniques that will help you to detect hackers who have penetrated into your local network. You will learn to identify penetration traces and catch intruders using special scripts. Let’s start with the very first level: the network.

Read full article →

Dumping at nanolevel. How I reinvented SafetyKatz to dump LSASS with NanoDump

Date: 13/06/2025

Author: snovvcrash

This article discusses the covert use of the NanoDump utility from memory (i.e. the simulated attacker doesn’t have a C&C ‘beacon’ on the attacked network node) and compares such an application of NanoDump with the use of SafetyKatz.

Read full article →

Multistep SQL injection attacks: Operating principle and impact

Date: 13/06/2025

Author: N3tn1la

SQL injections (SQLi) are among the most popular vulnerabilities in the pentesting community. Too bad, such attacks are increasingly rare nowadays since modern security tools easily detect them. By contrast, an injection triggered when data transfer occurs between services is much more difficult to detect. This article discusses SQLi that are triggered not immediately, but somewhere in the middle of business logic.

Read full article →

Victory over “bads”: using Victoria to recover data and reset disk password

Date: 04/06/2025

Author: 84ckf1r3

Recovering deleted files is not a problem; there are dozens of utilities for this. But what if the drive is damaged, has an erroneous geometry description, or is password protected at the controller level? Then the Victoria utility comes to the rescue. It is written in assembler, takes up a few kilobytes and works directly with the controller.

Read full article →

Console Android. 50 ADB Commands Everyone Should Know

Date: 04/06/2025

Author: Dmitry 'BRADA' Podkopaev

There are many tools available for working with a smartphone connected via USB cable or Wi-Fi. Advanced tools allow you to move files, install and uninstall software, view contacts, take screenshots, and even send SMS, but no graphical tool can match the power that the Android console can provide. In this article, we will talk about ADB (Android Debug Bridge) – a standard tool for debugging and working with the Android console from a computer.

Read full article →

We cover our tracks. How to make Windows forget everything

Date: 04/06/2025

Author: Denis Kolesnichenko

Lists of open files and USB devices, browser history, DNS cache – all this helps to find out what the user was doing. We have compiled step-by-step instructions on how to remove traces of your activity in different versions of Windows, Office and popular browsers. At the end of the article you will find several scripts that will help you automatically keep your machine clean.

Read full article →