Contactless payment cards are very convenient: you just tap the terminal with your card, and a few seconds later, your phone rings, indicating that the transaction is completed. But this convenience has a downside: malefactors can steal money from such cards. This article provides an overview of methods used to hack NFC (near-field communication) payment cards.
Pentest in your own way. How to create a new testing methodology using OSCP and Hack The Box machines
Each aspiring pentester or information security enthusiast wants to advance at some point from reading exciting write-ups to practical tasks. What is the best way to do this, and what should you pay attention to first? In this article, I will describe my own pentesting journey and share some of my findings.
Persistence cheatsheet. How to establish persistence on the target host and detect a compromise of your own system
Once you have got a shell on the target host, the first thing you have to do is make your presence in the system ‘persistent’. In many real-life situations, you have only one RCE attempt and cannot afford to lose access due to some unexpected event.
It’s a trap! How to create honeypots for stupid bots
If you have ever administered a server, you definitely know that password-based authentication must be disabled or restricted: either by a whitelist, or a VPN gateway, or in some other way. We decided to conduct an experiment and check what happens if this simple step isn’t taken.
Lateral movement guide: Remote code execution in Windows
Penetration into the target network is just the first stage of a hacking attack. At the next stage, you have to establish a foothold there, steal users’ credentials, and gain the ability to run arbitrary code in the system. This article discusses techniques used to achieve the above goals and explains how to perform lateral movement in compromised networks.
Fatal mistakes. How to identify logical vulnerabilities in web apps
Analysis of all kinds of vulnerabilities is one of the main HackMag topics. In this article, I will use four classical pentesting tasks to explain how to identify bugs in web apps.
Searching for leaks: How to find and steal databases
News portals report large-scale data leaks on a nearly daily basis. Such incidents occur with all kinds of computer systems all over the world; the severity of their consequences varies from devastating to disastrous. In this article, I will show how easy it is to gain access to vast arrays of data.