HackMag – Page 3 – Security, malware, coding, devops

Vulnerable Java. Hacking Java bytecode encryption

Written by MVK

Java code is not as simple as it seems. At first glance, hacking a Java app looks like an easy task due to a large number of available decompilers. But if the code is protected by bytecode encryption, the problem becomes much more complicated. In this article, I will explain in detail how to circumvent this protection mechanism.

Read full article →

Blindfold game. Manage your Android smartphone via ABD

Written by rexby

One day I encountered a technical issue: I had to put a phone connected to a single-board Raspberry Pi computer into the USB-tethering mode on boot. To do this, I used Android Debug Bridge (ADB), a handy debugging interface for Android devices. There are several ways to automate the work of apps on an Android smartphone using ADB, and this paper examines one of them.

Read full article →

Climb the heap! Exploiting heap allocation problems

Written by Viacheslav Moskvin

Some vulnerabilities originate from errors in the management of memory allocated on a heap. Exploitation of such weak spots is more complicated compared to ‘regular’ stack overflow; so, many ~~hackers~~ security researchers have no idea how to approach them. Even the Cracking the Perimeter (OSCE) course doesn’t go beyond a trivial rewrite of SEH. In this article, I will explain the heap mechanics and show how to exploit its vulnerabilities.

Read full article →

Quarrel on the heap. Heap exploitation on a vulnerable SOAP server in Linux

Written by Marsel Shagiev

This paper discusses a challenging CTF-like task. Your goal is to get remote code execution on a SOAP server. All exploitation primitives are involved with the heap in one way or another; so, you’ll learn a lot about functions interacting with it. Also, you’ll reverse a Linux binary using a dynamic instrumentation framework.

Read full article →

Routing nightmare. How to pentest OSPF and EIGRP dynamic routing protocols

Written by necreas1ng

The magic and charm of dynamic routing protocols can be deceptive: admins trust them implicitly and often forget to properly configure security systems embedded in these protocols. In this article, I will explain what nightmares can occur if the network admin doesn’t take a good care of the security of OSPF and EIGRP routing domains.

Read full article →

First contact. Attacks on chip-based cards

Written by Timur Yunusov

Virtually all modern bank cards are equipped with a special chip that stores data required to make payments. This article discusses fraud techniques used to compromise such cards and methods used by banks to protect cardholders against attackers.

Read full article →

Log4HELL! Everything you must know about Log4Shell

Written by aLLy

Up until recently, just a few people (aside from specialists) were aware of the Log4j logging utility. However, a vulnerability found in this library attracted to it a great attention from researches nowadays. Let’s take a closer look at the origin and operation mechanism of this bug and examine the available exploits to it.

Read full article →