HackMag – Page 2 – Security, malware, coding, devops

First Contact: Attacks on Google Pay, Samsung Pay, and Apple Pay

Electronic wallets, such as Google Pay, Samsung Pay, and Apple Pay, are considered the most advanced and secure payment tools. However, these systems are also plagued by vulnerabilities because they use technologies created thirty years ago. This article describes techniques used to hack popular electronic wallets, including the new Cryptogram Confusion attack targeting wallets and EMV/NFC cards.

Read full article →

Ethernet Abyss. Network pentesting at the data link layer

Written by Caster

When you attack a network at the data link layer, you can ‘leapfrog’ over all protection mechanisms set at higher levels. This article will walk you through most of the attack vectors targeting this lowest level of the network.

Read full article →

Gateway Bleeding. Pentesting FHRP systems and hijacking network traffic

Written by Caster

There are many ways to increase fault tolerance and reliability of corporate networks. Among other things, First Hop Redundancy Protocols (FHRP) are used for this purpose. In this article, I will explain how pentesters interact with FHRP in the course of network attacks.

Read full article →

Top 5 Ways to Use a VPN for Enhanced Online Privacy and Security

Written by Duygu Demiroz

This is an external third-party advertising publication.

Read full article →

What Challenges To Overcome with the Help of Automated e2e Testing?

Written by Functionize Team

This is an external third-party advertising publication.

Read full article →

Playful Xamarin. Researching and hacking a C# mobile app

Written by Mazay

Java or Kotlin are not the only languages you can use to create apps for Android. C# programmers can develop mobile apps using the Xamarin open-source platform. Today, I will explain how to research such apps and find ways to hack them.

Read full article →

Challenge the Keemaker! How to bypass antiviruses and inject shellcode into KeePass memory

Written by snovvcrash

Recently, I was involved with a challenging pentesting project. Using the KeeThief utility from GhostPack, I tried to extract the master password for the open-source KeePass database from the process memory. Too bad, EDR was monitoring the system and prevented me from doing this: after all, KeeThief injects shellcode into a remote process in a classical oldie-goodie way, and in 2022, such actions have no chance to go unnoticed.

Read full article →