Date: 12/02/2016
Until recently, based on the results of surveys and personal experience, I had the impression that users believe that the value of data stored on a device greatly exceeds the cost of the device itself. Why until recently? Well, the current US dollar exchange rate means that I haven’t seen such surveys among new iPhone users :).
Date: 09/02/2016
Everyday, new vulnerabilities are discovered in mobile devices that can be exploited by intruders. They can send an SMS to a pay-per-call number, they can collect and sell a large database of contact details, and they can also compromise a specific individual. Successful exploitation of a vulnerability requires that a whole range of conditions are met. There is another way, however! Provide the user with a really useful application (a game with birds), whose manifest contains a list of device information that we are interested in. In this article, we will look at ways of obtaining and saving important information from an Android device.
Date: 30/01/2016
Active Directory is a phenomenon that comes about quite often during the security testing of large companies. It is all too common to come across not a single domain in a single forest, but rather a more interesting structure with more branches. So today we are going to focus on how to perform reconnaissance and study forest structures. We will also look at possibilities for increasing privileges. Then we will conclude by compromising an enterprise's entire forest!
Date: 22/01/2016
According to cvedetails.com, more than 1,305 vulnerabilities have been found in the Linux core since 1999. Sixty-eight of these were in 2015. Most of them don't cause many problems (they are marked as Local and Low), and some may cause problems only if they are attached to certain applications or OS settings. In reality these numbers are not that big, but the core is not the entire OS. There are also vulnerabilities found in GNU Coreutils, Binutils, glibs and, of course, user applications. Let's take a look at the most interesting of the bunch.
Date: 19/01/2016
The phrase “hacking utilities” has gradually come to acquire a negative meaning. Antivirus software teams curse them out, and users look down on them, placing them on a par with potential threats. But one can perform an audit and other relatively significant tasks simply from the browser, if it is prepared properly. In this article we take a look at the respective add-ons to Chrome, but one can find similar additions for Firefox as well.
Date: 07/01/2016
How can we isolate suspicious processes in Windows and not destroy the OS? How can we create a reliable and Windows-compatible sandbox without hardware virtualization and kernel function hooking, but with the use of documented default OS security mechanisms? In this article we will be discussing the most common problems faced by sandbox developers (and, as a result, consumers). And of course we will also offer our own solutions.
Date: 05/01/2016
So you've decided to jailbreak your device, downloaded a proper utility from the website pangu or taig, connected your smartphone to your computer, and launched the application. After several reboots, a message was displayed on the screen confirming the jailbreak's success and the Cydia application was installed on the device. It seems that everything worked fine, but what's next? If you've ever asked yourself this question, this article is for you.