May 2021 – HackMag

Ultimate guide to PowerShell Empire: from installation to persistence in the target system

Date: 30/05/2021

Empire is a popular post-exploitation tool for Windows, Linux, and macOS. This article addresses all key aspects of this framework, including its most frequently used functions. Even if you are a seasoned pentester, you will likely find something new and useful in this material.

Read full article →

Duck tales. How to create a wireless analogue of Rubber Ducky

Date: 29/05/2021

Author: Candidum

Hackers and pentesters consider BadUSB an efficient attack vector; it emulates the keyboard and performs operations on the attacked computer under the disguise of user input. Such attacks are very difficult-to-detect because neither the OS nor antiviruses suspect the keyboard of any wrongdoing. Today, I will show how to create your own BadUSB tool – a wireless device looking like a memory stick.

Read full article →

ZetaSDR: Assembling a software defined radio with your own hands

Date: 29/05/2021

Author: Candidum

SDR (software defined radio) is a radio communication system that uses software to convert radio signals into digital code. This provides tremendous possibilities for the analysis of radio signals, and plenty of SDRs are currently available on the market. In this article, I will explain how SDR operates and will show how to create a radio receiver with your own hands. Concurrently, I will do my best to minimize the loads of math required to understand the topic.

Read full article →

Useless Crap? No, not nearly! Advance your binary exploitation skills by solving a sophisticated CTF challenge

Date: 29/05/2021

Author: Pavel Blinnikov

PWN challenges are my favorite tasks at CTF contests. Such tasks effectively train you in real-life code analysis, while their write-ups usually describe all fine details, even those already addressed by other authors. Today, I will explain how to solve a task named “Useless Crap” by its author (it’s available on TG:HACK 2020). The author estimates its difficulty as hard. The task is very challenging indeed, and it took me almost twelve hours to complete it at the contest.

Read full article →

Poisonous Python. Coding malware in Python: a locker, an encryptor, and a virus

Date: 29/05/2021

Author: Valery Linkov

Why write malware in Python? First, to learn the basics of malicious coding and, second, to practice in this programming language. After all, malware written in Python is widespread in this wild world, and many antiviruses don’t detect it.

Read full article →

Battle smartphone. How to transform your Android device into ‘hackerphone’ with Termux and Kali

Date: 29/05/2021

Author: Ghoustchat

In sci-fi movies, hackers use cellphones to compromise heavily protected networks. Up until recently, it was just a fantasy, but now this fantasy becomes a reality. In this article, I will explain how to transform your phone into a powerful hacking tool.

Read full article →

Spying penguin. Windows post-exploitation with a Linux-based VM

Date: 29/05/2021

Author: s0i37

Windows-based systems are significantly more resistant against MITM attacks in comparison with Linux-based ones. The reason is simple: Windows does not include a handy mechanism to forward transit packets. Today, I will explain how to use a minimalist Linux system running on a virtual machine as a gateway. The attack also involves bridged network interfaces that grant the guest OS full L2 access to the network segment where the compromised Windows system is located. The VM will be deployed using VirtualBox.

Read full article →