No, this article isn’t about motor cylinders and valves – it’s about Google V8 Engine used in Chromium and Android. Today, I will show how to hack it on RopeTwo, the most hardcore VM on Hack The Box. Concurrently, you will learn what types of data are used in this engine, how to manipulate them in order to drop an exploit, how to use V8 debugging tools, what it WebAssembly, and how can it be used to penetrate into the RopeTwo shell.
Read full article →How to fool MSI installer: Instruction for lazy hackers
To run a program, you must install it first. But what if the installer doesn’t want to start, or even worse, refuses to install the app? In that situation, you have no choice but to hack it. Today, I will show how to do this easily, quickly, and effectively.
Read full article →Long live the data! How to recover information from a bricked flash drive in Linux
As you are well aware, computer specialists are often asked to recover data from broken flash drives. Today, I will explain how to use TestDisk and PhotoRec for data restoration. And then I will show that all you need to recover data from a bricked memory stick are, in fact, a Hex editor and some wits.
Read full article →Right to root. Privilege escalation in Linux
Root privileges allow you to do whatever you want in the system: establish a foothold by creating a backdoor, inject a rootkit or a trojan, alter or delete any information, etc. Accordingly, privilege escalation is one of your primary objectives during an attack. In this article, I will explain how to gain root rights on Linux systems.
Read full article →OSCP exam and how to pass it
Every information security specialist is aware of OSCP certification. It takes plenty of time to prepare to this exam, then it takes a whole day to take it, and then you produce a write-up describing your experience. Those willing to take the OSCP exam post tons of questions in Twitter, on reddit, and on specialized forums. In this article, I will try to give answers to the most common and basic questions on this matter.
Read full article →Battle Linux. Best pentesting and OSINT distributions
In this article, we will briefly discuss specialized Linux distributions used by pentesters and ethical hackers. The most popular such distribution is Kali, but we want to bring to your attention several other Linux systems – not only no less efficient, but even surpassing Kali in certain areas.
Read full article →Divination by IPsec logs: A practical guide to IKE protocol
IPsec was designed as a universal protocol stack for VPN – the ultimate solution rendering all alternative protocols unnecessary. However, the existence of OpenVPN, WireGuard, and many other protocols clearly indicates that the developers of IPsec failed to achieve their goal.
Read full article →