Once I was asked: is it possible to write a reverse shell some 200 bytes in size? This shell should perform the following functions: change its name and PID on a regular basis, make you coffee, and hack the Pentagon… Too bad, this is most likely impossible.…
F#ck da Antivirus! How to bypass antiviruses during pentest
Antiviruses are extremely useful tools – but not in situations where you need to remain unnoticed on an attacked network. Today, I will explain how to fool antivirus programs and avoid detection in compromised systems during penetration testing.
Dangerous developments: An overview of vulnerabilities in coding services
Development and workflow management tools represent an entire class of programs whose vulnerabilities and misconfigs can turn into real trouble for a company using such software. For a pentester, knowledge of these bugs is a way to successful exploitation; while for an admin, it’s a great opportunity to enhance…
Kernel exploitation for newbies: from compilation to privilege escalation
Theory is nothing without practice. Today, I will explain the nature of Linux kernel vulnerabilities and will show how to exploit them. Get ready for an exciting journey: you will create your own Linux kernel module and use it to escalate your privileges to superuser. Then…
First contact: An introduction to credit card security
I bet you have several cards issued by international payment systems (e.g. Visa or MasterCard) in your wallet. Do you know what algorithms are used in these cards? How secure are your payments? People pay with such cards every day…
Bug in Laravel. Disassembling an exploit that allows RCE in…
Bad news: the Ignition library shipped with the Laravel PHP web framework contains a vulnerability. The bug enables unauthorized users to execute arbitrary code. This article examines the mistake made by the Ignition developers and discusses two exploitation methods for this vulnerability.
Step by Step. Automating multistep attacks in Burp Suite
When you attack a web app, you sometimes have to perform a certain sequence of actions multiple times (e.g. brute-force a password or the second authentication factor, repeatedly use the same resource, etc.). There are plenty of tools designed for this purpose. Which one to choose…
Post-quantum VPN. Understanding quantum computers and installing OpenVPN to protect…
Quantum computers have been widely discussed since the 1980s. Even though very few people have dealt with them so far, such devices are steadily becoming a harsh reality that threatens traditional cryptography. In response to this threat, computer engineers have developed post-quantum encryption…
First contact. Attacks against contactless cards
Contactless payment cards are very convenient: you just tap the terminal with your card, and a few seconds later, your phone rings indicating that the transaction is completed. But this convenience has a downside: malefactors can steal money from such cards. This…
Pentest in your own way. How to create a new…
Each aspiring pentester or information security enthusiast wants to advance at some point from reading exciting write-ups to practical tasks. What is the best way to do this, and what should you pay attention to in the first place? In this article, I will describe my own…
Persistence cheatsheet. How to establish persistence on the target host…
Once you have got a shell on the target host, the first thing you have to do is make your presence in the system ‘persistent’. In many real-life situations, you have only one RCE attempt and cannot afford to lose access due to some unexpected event.
It’s a trap! How to create honeypots for stupid bots
If you have ever administered a server, you definitely know that password-based authentication must be disabled or restricted: either by a whitelist, or a VPN gateway, or in some other way. We decided to conduct an experiment and check what happens if this simple step isn’t taken.
Digging to the bottom. Escalating privileges to root with kernel…
This article discusses one of the most sophisticated PWN topics: kernel exploitation in Linux. You are about to learn what tools are required for kernel debugging, what LKM, KGDB, IOCTL, and TTY are, and many other exciting things!
The big heap adventure. Mastering heap exploitation techniques on a…
This article covers the following topics: memory management algorithms in Linux, heap exploitation techniques, and exploitation of the Use-After-Free (UAF) vulnerability on a host where all protection mechanisms are enabled. The target machine is RopeTwo, one of the most hardcore VMs on Hack The Box.
Secrets of V8 Engine. Dissecting Chrome on a Hack The…
No, this article isn’t about motor cylinders and valves – it’s about Google V8 Engine used in Chromium and Android. Today, I will show how to hack it on RopeTwo, the most hardcore VM on Hack The Box. Concurrently, you will learn what types of data…
Lateral movement guide: Remote code execution in Windows
Penetration into the target network is just the first stage of a hacking attack. At the next stage, you have to establish a foothold there, steal users’ credentials, and gain the ability to run arbitrary code in the system. This article discusses techniques used to achieve the above goals and explains…
Fatal mistakes. How to identify logical vulnerabilities in web apps
Analysis of all kinds of vulnerabilities is one of the main HackMag topics. In this article, I will use four classical pentesting tasks to explain how to identify bugs in web apps.
Searching for leaks: How to find and steal databases
News portals report large-scale data leaks almost daily. Such incidents occur with all kinds of computer systems all over the world; the severity of their consequences varies from devastating to disastrous. In this article, I will show how easy it is to…
Controlling Android. Dangerous APIs enable hackers to intercept data and…
In addition to traditional permissions, Android has three metapermissions that open access to very dangerous APIs enabling the attacker to seize control over the device. In this article, I will explain how to use them so that you can programmatically press smartphone buttons, intercept…
Coronavirus in darknet. New arrivals on black markets amid the…
Amid the COVID-19 pandemic, plenty of products supposed to protect you against COVID-19, or ease the course of the disease, or even heal you became available on the darknet (as well as on legitimate marketplaces). Because the shady segment of the global network is of utmost interest to hackers, I…