Recently I discovered a new way to implement L2 tunneling against Windows networks. Inspired by the spying penguin concept, I am going to demonstrate a fresh approach to Windows post-exploitation involving a MikroTik Cloud Hosted Router (CHR) that enables you to perform pivoting and provides L2 access to the target network.

Hey guys! Today, pasta is on the menu! You will learn how to identify vulnerabilities in JavaScript engines using the Fuzzilli fuzzer. After a brief theoretical introduction, you’ll jump directly to practice. Let’s assemble the required tools and start fuzzing.

Hacking electronic turnstiles installed at building entrances is a popular trick shown in many movies. This article discusses RFID-based physical access control systems (PACS) and demonstrates how easily the most commonly used identifier, EM4100, can be faked.

To comprehend operating principles and functions of network protocols, you have to understand their structure. The purpose of this study was to analyze a small portion of network traffic and reconstruct the network diagram based on the data extracted from it.

When you conduct pentesting audits, you rarely enjoy such luxury as admin privileges or root rights. Quite the opposite, in most situations you have to deal with antiviruses and firewalls that make it almost impossible to deliver an attack. Fortunately, emulation and virtualization magic comes to help, and, using these technologies, you can literally accomplish wonders!

Immediately after getting access to the target system, the attacker tries to blind its audit tools to remain undetected as long as possible. In this article, I will explain how to blind Sysmon in a covert way making it possible to fool the regular Windows audit. The technique is pretty simple and involves manipulations with handles and security descriptors.

In January 2021, Google released a new version of its Chrome browser. In total, 16 vulnerabilities have been fixed in it. Using one of them as an example, let’s find out how such bugs occur and examine their exploitation techniques enabling hackers to attack computers with outdated Chrome versions.