CONTINUE READING 🡒 Poisonous fruit. How to assemble your own Wi-Fi Pineapple and…
In sci-fi movies, hackers often use small pocket devices, smaller than a cellphone, to hack a company’s wireless network, gain access to its servers, and steal passwords. This article gives you a chance to become one of those hackers; all you need for this…
CONTINUE READING 🡒 Invisible device. Penetrating into a local network with an ‘undetectable’…
Unauthorized access to someone else’s device can be gained not only through a USB port, but also via an Ethernet connection – after all, Ethernet sockets are so abundant in modern offices and public spaces. In this article, I will explain how to penetrate into…
CONTINUE READING 🡒 Evil modem. Establishing a foothold in the attacked system with…
If you have direct access to the target PC, you can create a permanent and continuous communication channel with it. All you need for this is a USB modem that must be slightly modified first. In this article, I will explain in detail how…
CONTINUE READING 🡒 Evil Ethernet. BadUSB-ETH attack in detail
If you have a chance to plug a specially crafted device into a USB port of the target computer, you can completely intercept its traffic, collect cookies and passwords, and hack the domain controller. The attack is delivered over Wi-Fi, and this article explains how to implement it.
CONTINUE READING 🡒 VERY bad flash drive. BadUSB attack in detail
BadUSB attacks are efficient and deadly. This article explains how to deliver such an attack, describes in detail the preparation of the malicious flash drive required for it, provides the code that must be written to this device, and discusses how to make Windows and Linux users plug your…
CONTINUE READING 🡒 Croc-in-the-middle. Using crocodile clips to dump traffic from twisted pair…
Some people say that eavesdropping is bad. But for many security specialists, traffic sniffing is a profession, not a hobby. For some reason, it’s believed that this process requires special expensive equipment, but today, I will show how network traffic…
CONTINUE READING 🡒 Cold boot attack. Dumping RAM with a USB flash drive
Even if you make an effort to protect your data, don’t attach sheets with passwords to the monitor, encrypt your hard drive, and always lock your computer before leaving it unattended, this doesn’t guarantee that your information is safe. Your RAM can…
CONTINUE READING 🡒 Sad Guard. Identifying and exploiting vulnerability in AdGuard driver for…
Last year, I discovered a binary bug in the AdGuard driver. Its ID in the National Vulnerability Database is CVE-2022-45770. I was disassembling the ad blocker and found a way to use the identified vulnerability for local privilege escalation. As a bonus, this article gives insight into…
CONTINUE READING 🡒 Kung fu enumeration. Data collection in attacked systems
In penetration testing, there’s a world of difference between reconnaissance (recon) and data collection (enum). Recon involves passive actions, while enum involves active ones. During recon, you use only open sources (OSINT), and the target system is not affected in any way (i.e. all…
CONTINUE READING 🡒 Serpent pyramid. Run malware from the EDR blind spots!
In this article, I’ll show how to modify a standalone Python interpreter so that you can load malicious dependencies directly into memory using the Pyramid tool (not to be confused with the web framework of the same name). Potentially, this enables you to evade…
CONTINUE READING 🡒 Attacks on the DHCP protocol: DHCP starvation, DHCP spoofing, and…
Chances are high that you have dealt with DHCP when configuring a router. But are you aware of the risks that arise if this protocol is misconfigured on a company’s server? Using its misconfigurations, a hacker can not only disable the DHCP server, but also deliver…
CONTINUE READING 🡒 Poisonous spuds. Privilege escalation in AD with RemotePotato0
This article discusses different variations of the NTLM Relay cross-protocol attack delivered using the RemotePotato0 exploit. In addition, you will learn how to hide the signature of an executable file from static analysis.
CONTINUE READING 🡒 Infiltration and exfiltration. Data transmission techniques used in pentesting
Imagine a situation: you managed to penetrate the network perimeter and gained access to a server. This server is part of the company’s internal network, and, in theory, you could penetrate there as well. Too bad, the compromised node is in the DMZ and doesn’t have access to the Internet.…
CONTINUE READING 🡒 Nightmare Spoofing. Evil Twin attack over dynamic routing
Attacks on dynamic routing domains can wreak havoc on the network since they disrupt the routing process. In this article, I am going to present my own modification of the Evil Twin attack designed to intercept data in OSPF-based networks. I will also demonstrate how…
CONTINUE READING 🡒 Herpaderping and Ghosting. Two new ways to hide processes from…
The primary objective of virus writers (as well as pentesters and Red Team members) is to hide their payloads from antiviruses and avoid their detection. Various techniques are used for this purpose. This paper discusses two of them: Herpaderping and Ghosting.
CONTINUE READING 🡒 SIGMAlarity jump. How to use Sigma rules in Timesketch
Information security specialists use multiple tools to detect and track system events. In 2016, a new utility called Sigma appeared in their arsenal. Its numerous functions will save you time and make your life much easier.
CONTINUE READING 🡒 Pivoting District: GRE Pivoting over network equipment
Unfortunately, security admins often don’t pay due attention to network equipment, which enables malefactors to hack such devices and gain control over them. What if attackers have already seized control over your peripherals? Will they be able to access the internal infrastructure?
CONTINUE READING 🡒 First Contact: Attacks on Google Pay, Samsung Pay, and Apple…
Electronic wallets, such as Google Pay, Samsung Pay, and Apple Pay, are considered the most advanced and secure payment tools. However, these systems are also plagued by vulnerabilities because they use technologies created thirty years ago. This article describes techniques…
CONTINUE READING 🡒 Ethernet Abyss. Network pentesting at the data link layer
When you attack a network at the data link layer, you can ‘leapfrog’ over all protection mechanisms set at higher levels. This article will walk you through most of the attack vectors targeting this lowest level of the network.
CONTINUE READING 🡒