Every information security specialist is aware of OSCP certification. It takes plenty of time to prepare to this exam, then it takes a whole day to take it, and then you produce a write-up describing your experience. Those willing to take the OSCP exam post tons of questions in Twitter,…
CONTINUE READING 🡒 Category: Coding
Battle Linux. Best pentesting and OSINT distributions
In this article, we will briefly discuss specialized Linux distributions used by pentesters and ethical hackers. The most popular such distribution is Kali, but we want to bring to your attention several other Linux systems – not only no less efficient, but even…
CONTINUE READING 🡒 
Divination by IPsec logs: A practical guide to IKE protocol
IPsec was designed as a universal protocol stack for VPN – the ultimate solution rendering all alternative protocols unnecessary. However, the existence of OpenVPN, WireGuard, and many other protocols clearly indicates that the developers of IPsec failed to achieve their goal.
CONTINUE READING 🡒 
Chum Bucket. How I hacked a 20-billion corporation using a…
As you are likely aware, data breaches occur on a regular basis in this wild world. Each such incident is preceded by painstaking work: information collection and analysis, identification of security holes, selection of attack tools, etc. Today, I will reveal to our readers…
CONTINUE READING 🡒 
Security hole in BIG-IP. Exploiting a new vulnerability in F5…
In July 2020, a severe vulnerability was identified in the F5 product line. The bug affects inter alia BIG-IP, an application delivery controller used by many major companies, including banks and mobile operators. The vulnerability received the highest severity index because it allows unprivileged…
CONTINUE READING 🡒 
How to reinstall Windows remotely
Remote work is the main trend of this year. It suddenly turned out that many things can be done more efficiently from home than sitting in the office. In my humble opinion, such a standard operation as OS reinstallation can be performed remotely as…
CONTINUE READING 🡒 
Holes in the hole. Vulnerabilities in Pi-hole allow to seize…
Three severe vulnerabilities have been recently discovered in Pi-hole, a popular app that blocks advertisement and unwanted scripts. Two of these vulnerabilities result in remote command execution, while the third one allows to escalate your privileges to root. Let’s examine the origin of these bugs and concurrently find…
CONTINUE READING 🡒 
Duck tales. How to create a wireless analogue of Rubber…
Hackers and pentesters consider BadUSB an efficient attack vector; it emulates the keyboard and performs operations on the attacked computer under the disguise of user input. Such attacks are very difficult-to-detect because neither the OS nor antiviruses suspect the keyboard of any wrongdoing. Today, I will show…
CONTINUE READING 🡒 
ZetaSDR: Assembling a software defined radio with your own hands
SDR (software defined radio) is a radio communication system that uses software to convert radio signals into digital code. This provides tremendous possibilities for the analysis of radio signals, and plenty of SDRs are currently available on the market. In this article, I will explain…
CONTINUE READING 🡒 
Poisonous Python. Coding malware in Python: a locker, an encryptor,…
Why write malware in Python? First, to learn the basics of malicious coding and, second, to practice in this programming language. After all, malware written in Python is widespread in this wild world, and many antiviruses don’t detect it.
CONTINUE READING 🡒 
MicroB. Writing BASIC in assembler language and squeezing it into…
Want some practice in assembler? Today, I will show step-by-step how to write a BASIC interpreter and run it from the boot sector of your PC. My interpreter includes overlapping subprograms with branching recursion – otherwise, BASIC won’t fit in 512 bytes. It’s quite…
CONTINUE READING 🡒 
Homemade keylogger. Writing an undetectable keylogger in C#
Commercial keyloggers supporting numerous functions and protected against detection may cost dozens and even hundreds of dollars. However, it is not that difficult to create a homemade keylogger and avoid antivirus alerts. In this article, I will…
CONTINUE READING 🡒 
Attacking a car alarm. How does a car alarm security…
Since such devices as bladeRF, HackRF, RTL-SDR, and software systems like GNU Radio had become widely available, reverse engineering of radio air data got really simple and entertaining.
CONTINUE READING 🡒 
Android 6.0 permissions in protection and attack
Everyday, new vulnerabilities are discovered in mobile devices that can be exploited by intruders. They can send an SMS to a pay-per-call number, they can collect and sell a large database of contact details, and they can…
CONTINUE READING 🡒 
How to keep an eye on someone through an Android…
Everyone cares about their significant others' security. We all know that feeling when your calls are not answered and your Whatsapp messages not marked as read. In a moment like that you would do a lot to…
CONTINUE READING 🡒 
Learning heterogeneous parallelism in C++ with AMP
When it became physically impossible to further increase the number of transistors in a single microprocessor core, the manufacturers started to put several cores on a chip. This was accompanied by the emergence of such frameworks, that…
CONTINUE READING 🡒 
Welcome, Sails.js! The Missing Rails for Node.js
Let me tell you the truth. There is a true secret lodge of JavaScript fans in our magazine. As soon as we, including the chief editor, the managing editor, and yours truly, catch the sight of one…
CONTINUE READING 🡒 
Building weather station with STM32F3DISCOVERY and WizFi220 Wi-Fi module
Recently people have been using Arduino in their projects with increasing frequency, since it contains e.g. Ethernet or Wi-Fi shield. An entire computer is usually altogether superfluous in this context. In this article I will show how…
CONTINUE READING 🡒 
Mobile backend for mobile hacker
Modern cloud services offer hackers potentially unlimited resources. For example, Amazon often uses WPA-brute-force for hacking. In 2011, a German expert Thomas Roth could already search half a million passwords per second paying 28 cents per minute.…
CONTINUE READING 🡒 
Let’s learn the basics of build automation with the help…
Any software development project is always associated with the automation of related routine tasks. Initially, IDE and a pair of manual operations will be enough for you. Then, the number of body movements begins to grow: you…
CONTINUE READING 🡒