Today, I will give a brief overview of some of the best pentesting portals recognized by security experts. These training grounds enable ethical hackers to polish their skills while preserving ‘ethicality’ and exploit newly-discovered vulnerabilities while staying within the bounds of the law.
Poisoned documents. How to exploit dangerous Microsoft Office bugs
This article addresses several critical vulnerabilities in Microsoft Office programs. They aren’t new and had caused a great stir a while back. Metasploit Framework modules have already been developed for these bugs, and plenty of related projects are available on GitHub. However, unpatched copies of Microsoft Office (starting from version 2003 and up to and including Office 2016) still remain in the wild dragging down corporate security and opening paths for malicious attacks.
Epic pivoting. Polishing traffic routing skills on HackTheBox virtual machines
A good knowledge of pivoting (a technique used to route traffic to the victim and back through interim hosts) is essential for any ethical hacker. Furthermore, this skill is absolutely mandatory for corporate network pentesting. In this article, I am going two hack two simple virtual machines on Hack The Box and demonstrate how to route traffic in the course of pentesting.
Hacked IP camera. Searching for vulnerabilities in smart gadgets
The security of home gadgets is a burning topic. Botnet attacks such as Mirai affect millions of devices and inflict huge damages. Ethical hackers continue discovering vulnerabilities in popular gadgets, which manufacturers don’t rush fixing. In this article, I will tell how to check your hardware for security issues using a popular IP camera as an example. Spoiler: it is plagued by tons of vulnerabilities.
The taming of Kerberos. Seizing control over Active Directory on a HackTheBox virtual PC
In this article, I am going to show how to escalate from an unprivileged user to the administrator of the Active Directory domain controller. The demonstration will be performed on a virtual PC available for hacking on the HackTheBox online platform, the place where aspiring hackers polish their pentesting and cybersecurity skills. Of course, this VM is not overly complex, but if you intend to pentest corporate networks, it is very important to learn how to work with Active Directory
A brief guide to programmable logic controllers. Searching for vulnerabilities in industrial PLC devices
Many users believe that controllers installed in buildings and factories are protected better than home gadgets. They are wrong. Today, I will show you how to hack programmable logic controllers using a Linux-based computer. A Linx-150 automation server will be used as an example. You can use this method as a hacking guide for other similar pieces of equipment.
Hide-and-seek with Windows 10. Testing spyware and privacy protection tools
Over four years have passed since the release of Windows 10, and throughout this entire period, user data have been ‘leaking’ to Microsoft servers. The problem has been further exacerbated by Microsoft repeatedly forcing a reset of the users’ privacy settings and reactivating Windows Update disabled by the user. In this article, I will discuss and compare several utilities developed to control Microsoft’s ‘spying’ activities, and test their efficiency on two Window 10 builds.