HackMag – Page 28 – Tech magazine for cybersecurity specialists

Kung Fu pivoting. Post-exploitation to the maximum

Date: 19/09/2021

Author: s0i37

Pivoting is an important stage of any pentesting research: the attacker establishes a foothold in the compromised system to use it as a bridgehead for further penetration. This article examines the basic pivoting techniques used nowadays.

Read full article →

Obliterating traces: How to make Windows 10 forget everything

Date: 19/09/2021

Author: ShəLMā

Cookies, browsing history, saved passwords, and data from the Windows Registry – all this information can be easily retrieved by a person who gets physical access to your PC. That’s why every hacker must know how to delete logs, caches, and other cookies to protect sensitive data from prying eyes.

Read full article →

Divination by IPsec logs: A practical guide to IKE protocol

Date: 19/09/2021

Author: Daniil Baturin

IPsec was designed as a universal protocol stack for VPN – the ultimate solution rendering all alternative protocols unnecessary. However, the existence of OpenVPN, WireGuard, and many other protocols clearly indicates that the developers of IPsec failed to achieve their goal.

Read full article →

Chum Bucket. How I hacked a 20-billion corporation using a free service

Date: 19/09/2021

Author: Dead Beef

As you are likely aware, data breaches occur on a regular basis in this wild world. Each such incident is preceded by painstaking work: information collection and analysis, identification of security holes, selection of attack tools, etc. Today, I will reveal to our readers how I hacked the $20-billion TUI Group using publicly available free tools and my own wits.

Read full article →

Attacks on clouds. Azure and AWS hacking guide

Date: 19/09/2021

Author: Artur Bagiryan

The migration of IT infrastructure to clouds is not just a tribute to fashion: this approach allows to save on technical support, backup, and administration. In addition, cloud-based infrastructure is believed to be more resistant to failures and external attacks. But the bitter truth is that even the most popular hybrid cloud services, including Azure and AWS, can be hacked. In this article, I will address basic techniques used to attack cloud environments.

Read full article →

Fake address. How to change geolocation on Android devices and fool apps

Date: 19/09/2021

Author: Mazay

Android has a wonderful feature: you can make any program the provider of geocoordinates, so that the entire system will use the latitude and longitude provided by it. In this article, I will show how to exploit this feature and how to write a program spoofing GPS coordinates.

Read full article →

Malware under surveillance. Sandboxes and how to detect them

Date: 16/09/2021

Author: Boris Razor & Alex Mess

Boris Razor & Alex Mess

One of the ways to detect malware is to run it in a sandbox, i.e. in an isolated environment where you can monitor the program’s behavior. In this article, we will explain how sandboxes work and examine techniques allowing malicious programs to evade detection (including methods not covered in specialized literature and Internet blogs).

Read full article →