HackMag – Page 21 – Tech magazine for cybersecurity specialists

OSCP exam and how to pass it

Date: 20/11/2021

Every information security specialist is aware of OSCP certification. It takes plenty of time to prepare to this exam, then it takes a whole day to take it, and then you produce a write-up describing your experience. Those willing to take the OSCP exam post tons of questions in Twitter, on reddit, and on specialized forums. In this article, I will try to give answers to the most common and basic questions on this matter.

Read full article →

Battle Linux. Best pentesting and OSINT distributions

Date: 20/11/2021

Author: Hackat and Mikhail Artyukhin

In this article, we will briefly discuss specialized Linux distributions used by pentesters and ethical hackers. The most popular such distribution is Kali, but we want to bring to your attention several other Linux systems – not only no less efficient, but even surpassing Kali in certain areas.

Read full article →

Kung Fu pivoting. Post-exploitation to the maximum

Date: 19/09/2021

Author: s0i37

Pivoting is an important stage of any pentesting research: the attacker establishes a foothold in the compromised system to use it as a bridgehead for further penetration. This article examines the basic pivoting techniques used nowadays.

Read full article →

Obliterating traces: How to make Windows 10 forget everything

Date: 19/09/2021

Author: ShəLMā

Cookies, browsing history, saved passwords, and data from the Windows Registry – all this information can be easily retrieved by a person who gets physical access to your PC. That’s why every hacker must know how to delete logs, caches, and other cookies to protect sensitive data from prying eyes.

Read full article →

Divination by IPsec logs: A practical guide to IKE protocol

Date: 19/09/2021

Author: Daniil Baturin

IPsec was designed as a universal protocol stack for VPN – the ultimate solution rendering all alternative protocols unnecessary. However, the existence of OpenVPN, WireGuard, and many other protocols clearly indicates that the developers of IPsec failed to achieve their goal.

Read full article →

Chum Bucket. How I hacked a 20-billion corporation using a free service

Date: 19/09/2021

Author: Dead Beef

As you are likely aware, data breaches occur on a regular basis in this wild world. Each such incident is preceded by painstaking work: information collection and analysis, identification of security holes, selection of attack tools, etc. Today, I will reveal to our readers how I hacked the $20-billion TUI Group using publicly available free tools and my own wits.

Read full article →

Attacks on clouds. Azure and AWS hacking guide

Date: 19/09/2021

Author: Artur Bagiryan

The migration of IT infrastructure to clouds is not just a tribute to fashion: this approach allows to save on technical support, backup, and administration. In addition, cloud-based infrastructure is believed to be more resistant to failures and external attacks. But the bitter truth is that even the most popular hybrid cloud services, including Azure and AWS, can be hacked. In this article, I will address basic techniques used to attack cloud environments.

Read full article →