This article discusses an important matter every cool hacker programmer should care about: secure code. Perhaps, you think it’s boring and difficult? Not at all! Today I will share with you some of my experience and show how to write Python code you can be proud of.

Today you will learn how to write a cheat for an online shooter. This cheat will implement such hacks as extrasensory perception (ESP) and aimbot. ESP displays player information above their heads (e.g. player’s health, name, or current weapon); while aimbot automatically aims your weapons at other players.

Virtualization tools are required in many situations: testing of security utilities, personnel training in attack scenarios or network infrastructure protection, etc. Some admins reinvent the wheel by assembling fearsome combinations of virtual machines and all kinds of software. I suggest another way: set up an emulation platform using EVE-NG and create on its basis a universal scalable cyberpolygon enabling networking and security specialists to polish their skills.

Once I was asked: is it possible to write a reverse shell some 200 bytes in size? This shell should perform the following functions: change its name and PID on a regular basis, make you coffee, and hack the Pentagon… Too bad, this is most likely impossible. But the task seemed interesting and challenging to me. Let’s see whether it can be implemented.

Theory is nothing without practice. Today, I will explain the nature of Linux kernel vulnerabilities and will shown how to exploit them. Get ready for an exciting journey: you will create your own Linux kernel module and use it to escalate your privileges to superuser. Then you’ll build a Linux kernel with a vulnerable module, prepare everything required to run the kernel in a QEMU virtual machine, and automate the kernel module loading process. Finally, you will learn how to debug the kernel and use the ROP technique to gain root privileges.

Bad news: the Ignition library shipped with the Laravel PHP web framework contains a vulnerability. The bug enables unauthorized users to execute arbitrary code. This article examines the mistake made by the Ignition developers and discusses two exploitation methods for this vulnerability.