In the course of a pentesting audit, you often have to simulate phishing attacks. This article provides a step-by-step guide to deploying infrastructure for such simulation. You will learn how to create a mail server from scratch, install and configure the Evilginx reverse proxy, and then integrate…

MikroTik Daymare. Protecting MikroTik equipment from hacker attacks
MikroTik devices are widely used in corporate networks, but in most cases they aren’t properly configured, which opens the door to various attacks. This article discusses basic RouterOS security concepts, including protection against spoofing, traffic handling, and attacks on control panels.

Blinding Sysmon completely: Manipulating ETW objects to evade monitoring
Immediately after getting access to the target system, the attacker tries to disable its audit tools to remain undetected as long as possible. In this article, I will explain how to blind Windows monitoring tools by manipulating the Event Tracing for Windows (ETW) subsystem.

Android devices will restart every three days to protect user…
Google introduces a new security feature for Android devices: locked and unused devices will be automatically restarted after three days of inactivity to return their memory to an encrypted state.

Hackers exploit authentication bypass bug in OttoKit WordPress plugin
Hackers are exploiting an authentication bypass vulnerability in the OttoKit (formerly SureTriggers) WordPress plugin, which is used by more than 100,000 websites. The first attacks were recorded just hours after the bug was disclosed.

NFC from a hacker’s perspective. Attacking Mifare-based PACS
At some point, simple identifiers cannot ensure proper access control anymore, and consumers switch to a more advanced solution: Mifare. But are Mifare-based devices actually as secure as the manufacturer claims? Let’s figure it out!

Hackers compromised a bureau within the U.S. Department of the…
The Office of the Comptroller of the Currency (OCC), an independent bureau within the United States Department of the Treasury, reported a major cybersecurity incident. Unknown attackers had access to sensitive financial watchdog data for more than a year.

April updates released by Microsoft cause issues with Windows Hello
Microsoft warns that some Windows users who have installed the April updates might be unable to log in to their Windows services using Windows Hello facial recognition or PIN.

MikroTik Nightmare. Pentesting MikroTik network equipment
This article discusses the security of MikroTik equipment from the attacker’s perspective. Being very popular, MikroTik products are often attacked by hackers. The primary focus of this research is post-exploitation. Also, I will touch on issues plaguing RouterOS defense mechanisms that are exploited by…

Website of Everest ransomware group hacked and defaced
Last weekend, the darknet website of the Everest ransomware group was hacked and went offline. The attackers replaced its content with a sarcastic message: “Don’t do crime CRIME IS BAD xoxo from Prague.”

Critical RCE vulnerability discovered in Apache Parquet
All versions of Apache Parquet up to and including 1.15.0 are affected by a critical remote code execution (RCE) vulnerability whose CVSS score is 10 out of 10.

Privilege escalation vulnerability in Google Cloud resulting in sensitive data…
Tenable Research revealed details of a recently patched privilege escalation vulnerability in Google Cloud Platform (GCP) Cloud Run enabling an attacker to gain access to container images and even inject malicious code into them.

Custom fabrication. Reversing D-Link router firmware
When you create custom firmware for routers, you often have to forge the signature so that your handmade microcode can be flashed using the stock web interface. To forge a signature, you must be familiar with the image validation procedure in the stock firmware. To get a general…

Hackers abuse MU plugins to inject malicious payloads to WordPress
According to Sucuri, hackers store malicious code in the MU-plugins (Must-Use Plugins) directory in WordPress and execute it while remaining undetected.

Save me. How to protect networks against spoofing attacks
Spoofing attacks are simple to deliver, and their impact can be severe. This article discusses such attacks from the security perspective. The main challenge is to intelligently integrate network security solutions with production without disrupting business processes. Such integration requires a good understanding of the network…

Zero-day vulnerability in Windows results in NTLM hash leaks
Security experts reported a new zero-day vulnerability in Windows that enables remote attackers to steal NTLM credentials by tricking victims into viewing malicious files in Windows Explorer.

Cloudflare to block all unencrypted traffic to its APIs
According to Cloudflare, effective immediately, only secure HTTPS connections to api.cloudflare.com will be accepted, and all HTTP ports will be closed.

Serpent anatomy: Dissecting and reversing PyInstaller
Humanity has created a whole bestiary of scripting languages with low learning curves in an attempt to make the IT world accessible to imbeciles newbies who have completed a month-long course. Without question, Python is currently the king of beasts in this bestiary. The creeping reptile has entangled the entire…

Alexa to stop processing data locally. All voice requests will…
Amazon announced that the privacy option allowing users of Echo speakers to avoid sending their voice recordings to the company’s cloud will no longer be supported.

Caster Remix. Windows post-exploitation with virtual MikroTik
Recently I discovered a new way to implement L2 tunneling against Windows networks. Inspired by the spying penguin concept, I am going to demonstrate a fresh approach to Windows post-exploitation involving a MikroTik Cloud Hosted Router (CHR) that enables you to perform pivoting and provides L2…