FUCK 2FA! Bypassing two-factor authentication with Modlishka

Underground forums are full of offers to hack an account or two (or sell you the login credentials of some ten million accounts if you like). In most cases, such attacks involve phishing (sorry, social engineering) and use fake authentication pages. However, this method is ineffective if the user gets pushed a prompt or receives a text message with a six-digit verification code. I am going to demonstrate how to breach the two-factor authentication system by hacking a Google account belonging to one of this magazine’s humble editors.

Read full article →


Software für das Cracken von Software. Auswahl von Tools für das Reverse Engineering

Jeder Reverse Engineer, Malware-Analyst und einfacher Forscher stellt mit der Zeit ein bewährtes Set von Hilfstools zusammen, die er täglich für das Analysieren, Entpacken und Cracken anderer Software verwendet. In diesem Artikel besprechen wir meine. Sie werden für diejenigen nützlich sein, die über kein eigenes Set verfügen und erst mit dem Studium dieses Themas beginnen. Aber auch ein erfahrener Reverse Engineer sollte sich dafür interessieren, was andere Cracker verwenden.

Read full article →


Software for cracking software. Selecting tools for reverse engineering

Every reverse engineer, malware analyst or simply a researcher eventually collects a set of utility software that they use on a daily basis to analyze, unpack, and crack other software. This article will cover mine. It will be useful to anyone who has not yet collected their own toolset and is just starting to look into the subject. However, an experienced reverse engineer must also be curious about what other crackers are using.

Read full article →


The Forest Is Under Control. Taking over the entire Active Directory forest

Active Directory is a phenomenon that comes about quite often during the security testing of large companies. It is all too common to come across not a single domain in a single forest, but rather a more interesting structure with more branches. So today we are going to focus on how to perform reconnaissance and study forest structures. We will also look at possibilities for increasing privileges. Then we will conclude by compromising an enterprise's entire forest!

Read full article →


Chromium Alloy. How to forge a hacking tool from a browser

The phrase “hacking utilities” has gradually come to acquire a negative meaning. Antivirus software teams curse them out, and users look down on them, placing them on a par with potential threats. But one can perform an audit and other relatively significant tasks simply from the browser, if it is prepared properly. In this article we take a look at the respective add-ons to Chrome, but one can find similar additions for Firefox as well.

Read full article →