EVE-NG: Building a cyberpolygon for hacking experiments

Date: 15/02/2022

Virtualization tools are required in many situations: testing of security utilities, personnel training in attack scenarios or network infrastructure protection, etc. Some admins reinvent the wheel by assembling fearsome combinations of virtual machines and all kinds of software. I suggest another way: set up an emulation platform using EVE-NG and create on its basis a universal scalable cyberpolygon enabling networking and security specialists to polish their skills.

Reverse shell of 237 bytes. How to reduce the executable file using Linux hacks

Date: 15/02/2022

Once I was asked: is it possible to write a reverse shell some 200 bytes in size? This shell should perform the following functions: change its name and PID on a regular basis, make you coffee, and hack the Pentagon… Too bad, this is most likely impossible. But the task seemed interesting and challenging to me. Let’s see whether it can be implemented.

Dangerous developments: An overview of vulnerabilities in coding services

Date: 09/02/2022

Development and workflow management tools represent an entire class of programs whose vulnerabilities and misconfigurations can turn into real trouble for a company using such software. For a pentester, knowledge of these bugs is a way to successful exploitation, while for an admin, it’s a great opportunity to enhance the protection. This article discusses vulnerabilities discovered in Jira, Confluence, Asana, Docker, GitLab, and other similar products.

Kernel exploitation for newbies: from compilation to privilege escalation

Date: 09/02/2022

Theory is nothing without practice. Today, I will explain the nature of Linux kernel vulnerabilities and will show how to exploit them. Get ready for an exciting journey: you will create your own Linux kernel module and use it to escalate your privileges to superuser. Then you’ll build a Linux kernel with a vulnerable module, prepare everything required to run the kernel in a QEMU virtual machine, and automate the kernel module loading process. Finally, you will learn how to debug the kernel and use the ROP technique to gain root privileges.

First contact: An introduction to credit card security

Date: 09/02/2022

I bet you have several cards issued by international payment systems (e.g. Visa or MasterCard) in your wallet. Do you know what algorithms are used in these cards? How secure are your payments? People pay with such cards every day but know very little about them. Numerous myths accompany card payments. But to understand what tricks can be used to steal money from a card, you must first get an idea of the payment mechanisms used in it.