HackMag – Page 32 – Tech magazine for cybersecurity specialists

Setting Up a Personal Cloud with Nextcloud: Is It Worth the Effort?

Date: 09/07/2025

“Should I install some software to make it easier to organize files on the server, share them, and access them from my phone?” I thought, and that’s when everything started to unfold! Even though my initial needs were modest, I decided to first take a look at Nextcloud—a personal cloud platform that not only replaces Dropbox but also does a bunch of other things, including document editing and even downloading torrents and videos from YouTube.

Read full article →

You won’t escape! Hijacking user sessions in Windows

Date: 08/07/2025

Author: MichelleVermishelle

How often do you encounter a much-desired domain admin session on an outdated Windows 7 workstation? In the hands of a ~~hacker~~ pentester, this admin account is a ‘master key’ that can unlock the entire network. But imagine that an evil antivirus prevents you from dumping LSASS. What would you do in such a situation? How to hijack a user session bypassing all security mechanisms?

Read full article →

Hijacking COM. Abusing COM classes to hijack user sessions

Date: 03/07/2025

Author: MichelleVermishelle

As you are likely aware, Windows assigns a unique session to each user logging into the system. And if somebody logs into an already hacked device, you can hijack that person’s session. This article discusses a promising privilege escalation technique: the attacker steals users’ sessions using COM classes.

Read full article →

Bluetooth vulnerabilities can be used for eavesdropping and data theft

📟 News

Date: 30/06/2025

Author: HackMag

Airoha Bluetooth chipsets installed in dozens of audio devices from various manufacturers can be used for eavesdropping and theft of sensitive data.

Read full article →

Anger management. Welcome to Angr, a symbolic emulation framework

Date: 30/06/2025

Author: mr.grogrig

Angr is an unbelievably powerful emulator. This crossplatform tool supports all most popular architectures; using it, you can search for vulnerabilities both in PE32 on Linux and in router firmware on Windows. Let’s examine this binary analysis framework in more detail using Linux as an example.

Read full article →

Partying by the pool. Mastering PoolParty process injection techniques

Date: 26/06/2025

Author: Nik Zerof

PoolParty is a new type of injections into legitimate processes that abuses Windows Thread Pools, a sophisticated thread management mechanism. Let’s dissect Windows Thread Pools to find out how it can be used for pentesting purposes.

Read full article →

OAuth from top to bottom. Examining protocol features and basic attacks targeting OAuth

Date: 23/06/2025

Author: Maksim Rogov

Most modern websites have an authentication form, and in its lower part you can often see buttons enabling you to sign in via various social networks. This login mechanism is based on the OAuth protocol, and today you’ll learn its structure and main vulnerabilities. At the end, you’ll solve two laboratory tasks to solidify the newly-gained knowledge.

Read full article →