Secrets of V8 Engine. Dissecting Chrome on a Hack The Box virtual machine

No, this article isn’t about motor cylinders and valves – it’s about Google V8 Engine used in Chromium and Android. Today, I will show how to hack it on RopeTwo, the most hardcore VM on Hack The Box. Concurrently, you will learn what types of data are used in this engine, how to manipulate them in order to drop an exploit, how to use V8 debugging tools, what it WebAssembly, and how can it be used to penetrate into the RopeTwo shell.
Read full article →

Lateral movement guide: Remote code execution in Windows

Penetration into the target network is just the first stage of a hacking attack. At the next stage, you have to establish a foothold there, steal users’ credentials, and gain the ability to run arbitrary code in the system. This article discusses techniques used to achieve the above goals and explains how to perform lateral movement in compromised networks.
Read full article →