Each aspiring pentester or information security enthusiast wants to advance at some point from reading exciting write-ups to practical tasks. How to do this in the best way and what should you pay attention to in the first place? In this article, I will describe my own…
CONTINUE READING 🡒 
Persistence cheatsheet. How to establish persistence on the target host…
Once you have got a shell on the target host, the first thing you have to do is make your presence in the system ‘persistent’. In many real-life situations, you have only one RCE attempt and cannot afford losing access due to some unexpected event.
CONTINUE READING 🡒 
It’s a trap! How to create honeypots for stupid bots
If you had ever administered a server, you definitely know that the password-based authentication must be disabled or restricted: either by a whitelist, or a VPN gateway, or in some other way. We decided to conduct an experiment and check what happens if this simple step isn’t taken.
CONTINUE READING 🡒 
Digging to the bottom. Escalating privileges to root with kernel…
This article discusses one of the most sophisticated PWN topics: kernel exploitation in Linux. You are about to learn what tools are required for kernel debugging, what are LKM, KGDB, IOCTL, and TTY, and many other exciting things!
CONTINUE READING 🡒 
The big heap adventure. Mastering heap exploitation techniques on a…
This article covers the following topics: memory management algorithms in Linux, heap exploitation techniques, and exploitation of the Use-After-Free (UAF) vulnerability on a host where all protection mechanisms are enabled. The target machine is RopeTwo, one of the most hardcore VMs on Hack The Box.
CONTINUE READING 🡒 Secrets of V8 Engine. Dissecting Chrome on a Hack The…
No, this article isn’t about motor cylinders and valves – it’s about Google V8 Engine used in Chromium and Android. Today, I will show how to hack it on RopeTwo, the most hardcore VM on Hack The Box. Concurrently, you will learn what types of data…
CONTINUE READING 🡒 
Lateral movement guide: Remote code execution in Windows
Penetration into the target network is just the first stage of a hacking attack. At the next stage, you have to establish a foothold there, steal users’ credentials, and gain the ability to run arbitrary code in the system. This article discusses techniques used to achieve the above goals and explains…
CONTINUE READING 🡒 
Fatal mistakes. How to identify logical vulnerabilities in web apps
Analysis of all kinds of vulnerabilities is one of the main HackMag topics. In this article, I will use four classical pentesting tasks to explain how to identify bugs in web apps.
CONTINUE READING 🡒 
Searching for leaks: How to find and steal databases
News portals report large-scale data leaks nearly on a daily basis. Such accidents occur with all kinds of computer systems all over the world; the severity of their consequences varies from devastating to disastrous. In this article, I will show how easy it is to…
CONTINUE READING 🡒 
Controlling Android. Dangerous APIs enable hackers to intercept data and…
In addition to traditional permissions, Android has three metapermissions that open access to very dangerous APIs enabling the attacker to seize control over the device. In this article, I will explain how to use them so that you can programmatically press smartphone buttons, intercept…
CONTINUE READING 🡒 
Coronavirus in darknet. New arrivals on black markets amid the…
Amid the COVID-19 pandemic, plenty of products supposed to protect you against COVID-19, or ease the course of the disease, or even heal you became available on the darknet (as well as on legitimate marketplaces). Because the shady segment of the global network is of utmost interest to hackers, I…
CONTINUE READING 🡒 
How to fool MSI installer: Instruction for lazy hackers
To run a program, you must install it first. But what if the installer doesn’t want to start, or even worse, refuses to install the app? In that situation, you have no choice but to hack it. Today, I will show how to do this easily, quickly,…
CONTINUE READING 🡒 
Long live the data! How to recover information from a…
As you are well aware, computer specialists are often asked to recover data from broken flash drives. Today, I will explain how to use TestDisk and PhotoRec for data restoration. And then I will show that all you need to recover data…
CONTINUE READING 🡒 
Introduction to Row Level Security. Examining access rights differentiation systems…
There are many ways to show the user only the data they need. Row level security (RLS) is one of the most universal, simple, and reliable mechanisms ensuring that the data are presented only to persons having the required access rights. In this article, I will show…
CONTINUE READING 🡒 
Ruffling the penguin! How to fuzz Linux kernel
For the last five years, I’ve been using fuzzing to find vulnerabilities in the Linux kernel. During that time, I implemented three major projects: fuzzed the network subsystem through system calls (and wrote several exploits for the identified bugs), then fuzzed the network…
CONTINUE READING 🡒 
Secret of the widget. Exploiting a new severe vulnerability in…
In September 2019, the CVE-2019-16759 vulnerability was discovered in the vBulletin forum engine. The bug enabled any user to execute arbitrary commands in the system and even resembled a backdoor. The developers have promptly fixed it, but in August 2020, a new possibility to bypass the patch and exploit the last…
CONTINUE READING 🡒 
Right to root. Privilege escalation in Linux
Root privileges allow you to do whatever you want in the system: establish a foothold by creating a backdoor, inject a rootkit or a trojan, alter or delete any information, etc. Accordingly, privilege escalation is one of your primary objectives during an attack. In this article, I will…
CONTINUE READING 🡒 
OSCP exam and how to pass it
Every information security specialist is aware of OSCP certification. It takes plenty of time to prepare to this exam, then it takes a whole day to take it, and then you produce a write-up describing your experience. Those willing to take the OSCP exam post tons of questions in Twitter,…
CONTINUE READING 🡒 
Battle Linux. Best pentesting and OSINT distributions
In this article, we will briefly discuss specialized Linux distributions used by pentesters and ethical hackers. The most popular such distribution is Kali, but we want to bring to your attention several other Linux systems – not only no less efficient, but even…
CONTINUE READING 🡒 
Kung Fu pivoting. Post-exploitation to the maximum
Pivoting is an important stage of any pentesting research: the attacker establishes a foothold in the compromised system to use it as a bridgehead for further penetration. This article examines the basic pivoting techniques used nowadays.
CONTINUE READING 🡒