Pivoting is an important stage of any pentesting research: the attacker establishes a foothold in the compromised system to use it as a bridgehead for further penetration. This article examines the basic pivoting techniques used nowadays.

Cookies, browsing history, saved passwords, and data from the Windows Registry – all this information can be easily retrieved by a person who gets physical access to your PC. That’s why every hacker must know how to delete logs, caches, and other cookies to protect sensitive data from prying eyes.

The migration of IT infrastructure to clouds is not just a tribute to fashion: this approach allows to save on technical support, backup, and administration. In addition, cloud-based infrastructure is believed to be more resistant to failures and external attacks. But the bitter truth is that even the most popular hybrid cloud services, including Azure and AWS, can be hacked. In this article, I will address basic techniques used to attack cloud environments.

One of the ways to detect malware is to run it in a sandbox, i.e. in an isolated environment where you can monitor the program’s behavior. In this article, we will explain how sandboxes work and examine techniques allowing malicious programs to evade detection (including methods not covered in specialized literature and Internet blogs).