One might think that bugs from spy movies have become obsolete nowadays. Who needs this stuff if microphones and cameras are everywhere – in laptops, smartphones, and zillions of other devices? However, in most cases, it is more difficult to get access to these gadgets than to the physical space where they are located. This is where miniature, barely visible, and top-notch equipment comes into play. Let’s try to find out whether ordinary people should be concerned about spying tools potentially used against them and what security precautions should be taken, if any.
The beginning of Nginx. Igor Sysoev tells the story of the renowned web server
On December 12, 2019, a surprise search was conducted in the Moscow office of Nginx, Inc. Igor Ippolitov, an engineer at Nginx, was the first to inform the public of it on his Twitter account. The original tweet was removed shortly after publication (Ippolitov was ‘kindly asked’ to do so), but other users had saved it and published photos of the search warrant.
The great mischief. Working your way to the root flag through IPv6 labyrinths on a Hack The Box virtual machine
In this article, I will explain how to gain superuser privileges on the Mischief VM available on the Hack The Box training grounds. During this journey, you will acquire some SNMP skills, understand IPv6 routing principles, and learn how to deal with the access control list (ACL) regulating file and folder permissions. In the end, I will show how to write an ICMP shell in Python and test it.
Secrets of the treasurer’s laptop: digital forensic analysis helps solve cybercrime
“Where’s the money?” Or, rather, “Where did the money go?” The user of a company-owned Windows 10 laptop fell victim to a cyberfraud attack. Or maybe the employee faked it and stole the money while pointing fingers at “evil hackers”? We’ll find out for sure.
No tracking, no bookmarks. How to assemble your own cellphone
What does your phone know about you? How secure is your information, and who can access it? Do you know that you can build and flash your own, 100% secure cellphone in just a few days? Today, I will explain how to do this.
Universal interception. How to bypass SSL Pinning and monitor traffic of any application
In many cases, the research of an app’s internal structure can be narrowed down to monitoring its traffic. Just a few years ago, a major share of the traffic was transmitted via the plain, easily interceptable HTTP protocol. By now, HTTPS has become the standard in most applications as a part of the defense mechanisms against eavesdropping. Today, I will try to explain what the different defense approaches have in common and whether their common component can be used to create a universal HTTPS interception technique.
Protecting microcontrollers. Implementing Firmware Hardening and Secure Boot on STM32
The intensity of attacks targeting IoT devices increases year over year. New threats require a complex approach; as a result, security has become the top priority for both software developers and hardware manufacturers. This article addresses the primary vectors of attacks against smart gadgets and describes some firmware and data protection techniques using a Nucleo development board equipped with an STM32H743 microcontroller as an example.