Protecting microcontrollers. Implementing Firmware Hardening and Secure Boot on STM32

The intensity of attacks targeting IoT devices increases with year over year. New threats require a complex approach; as a result, security became the top priority for both software developers and hardware manufacturers. This article addresses the primary vectors of attacks against smart gadgets and describes some firmware and data protection techniques using a Nucleo development board equipped with an STM32H743 microcontroller as an example.

Read full article →


Poisoned documents. How to exploit dangerous Microsoft Office bugs

This article addresses several critical vulnerabilities in Microsoft Office programs. They aren’t new and had caused a great stir a while back. Metasploit Framework modules have already been developed for these bugs, and plenty of related projects are available on GitHub. However, unpatched copies of Microsoft Office (starting from version 2003 and up to and including Office 2016) still remain in the wild dragging down corporate security and opening paths for malicious attacks.

Read full article →


Hacked IP camera. Searching for vulnerabilities in smart gadgets

The security of home gadgets is a burning topic. Botnet attacks such as Mirai affect millions of devices and inflict huge damages. Ethical hackers continue discovering vulnerabilities in popular gadgets, which manufacturers don’t rush fixing. In this article, I will tell how to check your hardware for security issues using a popular IP camera as an example. Spoiler: it is plagued by tons of vulnerabilities.

Read full article →


The taming of Kerberos. Seizing control over Active Directory on a HackTheBox virtual PC

In this article, I am going to show how to escalate from an unprivileged user to the administrator of the Active Directory domain controller. The demonstration will be performed on a virtual PC available for hacking on the HackTheBox online platform, the place where aspiring hackers polish their pentesting and cybersecurity skills. Of course, this VM is not overly complex, but if you intend to pentest corporate networks, it is very important to learn how to work with Active Directory

Read full article →


A brief guide to programmable logic controllers. Searching for vulnerabilities in industrial PLC devices

Many users believe that controllers installed in buildings and factories are protected better than home gadgets. They are wrong. Today, I will show you how to hack programmable logic controllers using a Linux-based computer. A Linx-150 automation server will be used as an example. You can use this method as a hacking guide for other similar pieces of equipment.

Read full article →