Date: 04/08/2020
Some unknown hackers have recently attacked Travelex foreign exchange company using REvil ransomware. This trojan employs simple but efficient obfuscation techniques that conceal its WinAPI calls from the victim. Let’s see how the encoder works.
Date: 04/08/2020
How to seize control over a host located in a different subnetwork? The right answer is: build numerous intricate tunnels. This article addresses tunneling techniques and their application in pentesting using as an example Reddish, a hardcore virtual machine (insane difficulty level: 8 out of 10) available on Hack The Box training grounds.
Date: 04/08/2020
Hacking web sites is one of the most common attack types. This article is dedicated to such attacks and protection against them. I will address the pentesting basics for web applications and explain how to deal with popular web engines using real-life examples.
Date: 04/08/2020
Gangs of teenagers with portable Bluetooth speakers playing loud music drive me nuts. Today, I will explain how to neutralize this ‘natural disaster’ without (OK, almost without) committing a criminal offense.
Date: 04/08/2020
Not long ago, researchers have discovered two severe vulnerabilities in Apache Solr, a popular open-source full-text search platform. The first bug relates to incorrect handling of Velocity templates, while the second one originates from the DataImportHandler module. Their exploitation enables the attacker to execute commands remotely; therefore, both vulnerabilities must be treated as critical.
Date: 04/08/2020
In this article, I will demonstrate a few simple and common -although efficient! – Wi-Fi pentesting tricks: hiding your MAC address when you scan a network and attack WPA2, identification of ‘hidden’ networks, bypassing MAC filtering, and jamming access points.
Date: 26/06/2020
Compromising a domain controller involves more than just finding a known vulnerability, stealing user credentials, or identifying an error in the security policy settings. The above ‘achievements’ grant only the minimum access level that may be insufficient for your goals. Therefore, to deliver a successful attack, you must escalate your system privileges in Active Directory. This article is dedicated to this intriguing process.