Ansible is a tool almost everyone has heard of, but it’s mostly used by system administrators. Developers and researchers typically encounter it when they need to spin up their own servers or deploy an existing configuration. That…
CONTINUE READING 🡒 Author: hackmag
Cyberdolphin. The story of Flipper — hacker’s Swiss Army knife
Hacking and pentesting are normally associated with hours-long sitting at your computer, but this is not quite so: many devices and wireless networks can be accessed only personally. In such situations, you need a hacking multitool -…
CONTINUE READING 🡒 
Attacking a car alarm. How does a car alarm security…
Since such devices as bladeRF, HackRF, RTL-SDR, and software systems like GNU Radio had become widely available, reverse engineering of radio air data got really simple and entertaining.
CONTINUE READING 🡒 
Tips&tricks: Android’s hidden capabilities that everyone should know
At first sight, Android seems a rather simple operating system; however, it contains a lot of hidden functions and settings (especially in the latest versions) which can make your life much easier. So, before you hurry to…
CONTINUE READING 🡒 
Android 6.0 permissions in protection and attack
Everyday, new vulnerabilities are discovered in mobile devices that can be exploited by intruders. They can send an SMS to a pay-per-call number, they can collect and sell a large database of contact details, and they can…
CONTINUE READING 🡒 
Hidden threats of the IPv6
Why should we worry about IPv6 at all? After all, even though the last blocks of IPv4 addresses have been distributed to the regional registries, the Internet works without any changes. The thing is that IPv6 first…
CONTINUE READING 🡒 
What data Windows 10 sends to Microsoft and how to…
Since its rise Windows was a natural habitat for all kinds of malware. Now the OS itself seems to have become one big trojan. Right after being installed it starts acting weird. The data flows in rivers…
CONTINUE READING 🡒 
Сode injections for Windows applications
Code Injection is a process of injection code (often malicious) into third party application’s memory. A lot of software is using this technique: from malware to game bots. To show this approach, let’s try to execute third…
CONTINUE READING 🡒 
This is GameDev, baby! Interview with developers of World of…
How to serve a hundred million users without going nuts? What technologies to use? In what language, after all, to write the authorization for your future high load to make sure that everything is "like for the…
CONTINUE READING 🡒 
Hackbook #197. Set up Cisco as server, SOP bypass for…
Set up Cisco as server, SOP bypass for Flash and other
CONTINUE READING 🡒 
Oracle DB vulnerabilities: the missing pentester handbook
Today, I would like to discuss the attack vectors used at various stages against the Oracle databases: how to probe the database weaknesses from outside, how to gain a foothold inside and how to automate all this…
CONTINUE READING 🡒 
7 non-trivial ways to hack your MySQL Database
MySQL is one of the most common database systems. Found everywhere, it is most likely to be used by numerous websites. Hence the reason why the security of this database is a very important issue. An attacker…
CONTINUE READING 🡒 
Dive into exceptions: caution, this may be hard
Modern versions of OS impose security-based restrictions on executable code. In this context, the use of exception-handling mechanism in injected code or, say, in the manually projected image may become a non-trivial task, that is, if you…
CONTINUE READING 🡒 
Building kernel modules and native Linux applications for Android
Android devices are good by any definition, but sometimes they extremely lack features and utilities available in desktop Linux. Separate instruments, such as Terminal IDE, partly help, but anyway they do not have some of the desired…
CONTINUE READING 🡒 
Welcome, Sails.js! The Missing Rails for Node.js
Let me tell you the truth. There is a true secret lodge of JavaScript fans in our magazine. As soon as we, including the chief editor, the managing editor, and yours truly, catch the sight of one…
CONTINUE READING 🡒 
Full kit of a Security Officer for $100
Our goal is the carry-on gadgets that justly could be included in the usual of a hacker, a young-gun detective or an info security officer. Today we are going to talk about usage and modify of different…
CONTINUE READING 🡒 
Complete guide for *nix backup solutions
Do you often make backups? Meanwhile, *nix systems have a lot of different backup tools, ranging from the smallest to huge packages for the enterprise sector. Each of these tools has its own features, each one has…
CONTINUE READING 🡒 
Review of ROSA Fresh Desktop 4
The idea of NSP (National Software Platform) is debated on the government level in Russia. Among other things, such NNP would include ROSA Linux distribution, formerly known as Mandriva. Recently, a new version was released for one…
CONTINUE READING 🡒 
Building weather station with STM32F3DISCOVERY and WizFi220 Wi-Fi module
Recently people have been using Arduino in their projects with increasing frequency, since it contains e.g. Ethernet or Wi-Fi shield. An entire computer is usually altogether superfluous in this context. In this article I will show how…
CONTINUE READING 🡒 
Mobile backend for mobile hacker
Modern cloud services offer hackers potentially unlimited resources. For example, Amazon often uses WPA-brute-force for hacking. In 2011, a German expert Thomas Roth could already search half a million passwords per second paying 28 cents per minute.…
CONTINUE READING 🡒