HackMag – Security, malware, coding, devops

Controlling Android. Dangerous APIs enable hackers to intercept data and reset smartphone settings

In addition to traditional permissions, Android has three metapermissions that open access to very dangerous APIs enabling the attacker to seize control over the device. In this article, I will explain how to use them so that you can programmatically press smartphone buttons, intercept notifications, extract text from input fields of other apps, and reset device settings.

Read full article →

Coronavirus in darknet. New arrivals on black markets amid the pandemic

Written by Yuriy Skvortsov

Amid the COVID-19 pandemic, plenty of products supposed to protect you against COVID-19, or ease the course of the disease, or even heal you became available on the darknet (as well as on legitimate marketplaces). Because the shady segment of the global network is of utmost interest to hackers, I decided to examine the assortment of goods offered there and compare the prices on the darknet and in ‘regular’ stores.

Read full article →

How to fool MSI installer: Instruction for lazy hackers

Written by MVK

To run a program, you must install it first. But what if the installer doesn’t want to start, or even worse, refuses to install the app? In that situation, you have no choice but to hack it. Today, I will show how to do this easily, quickly, and effectively.

Read full article →

Long live the data! How to recover information from a bricked flash drive in Linux

Written by icoz

As you are well aware, computer specialists are often asked to recover data from broken flash drives. Today, I will explain how to use TestDisk and PhotoRec for data restoration. And then I will show that all you need to recover data from a bricked memory stick are, in fact, a Hex editor and some wits.

Read full article →

Introduction to Row Level Security. Examining access rights differentiation systems implemented in Oracle и PostgreSQL

Written by Andrey Kuskov

There are many ways to show the user only the data they need. Row level security (RLS) is one of the most universal, simple, and reliable mechanisms ensuring that the data are presented only to persons having the required access rights. In this article, I will show that there is nothing really difficult in RLS and will explain how to set up an access rights differentiation system using the database tools and without affecting the performance much.

Read full article →

Ruffling the penguin! How to fuzz the Linux kernel

Written by xairy

For the last five years, I’ve been using fuzzing to find vulnerabilities in the Linux kernel. During that time, I implemented three major projects: fuzzed the network subsystem through system calls (and wrote several exploits for the identified bugs), then fuzzed the network externally, and, finally, fuzzed the USB subsystem from the device side.

Read full article →

Secret of the widget. Exploiting a new severe vulnerability in vBulletin

Written by aLLy

In September 2019, the CVE-2019-16759 vulnerability was discovered in the vBulletin forum engine. The bug enabled any user to execute arbitrary commands in the system and even resembled a backdoor. The developers have promptly fixed it, but in August 2020, a new possibility to bypass the patch and exploit the last year’s security hole was found.

Read full article →