SDR (software defined radio) is a radio communication system that uses software to convert radio signals into digital code. This provides tremendous possibilities for the analysis of radio signals, and plenty of SDRs are currently available on the market. In this article, I will explain…
Useless Crap? No, not nearly! Advance your binary exploitation skills…
PWN challenges are my favorite tasks at CTF contests. Such tasks effectively train you in real-life code analysis, while their write-ups usually describe all fine details, even those already addressed by other authors. Today, I will explain how to solve…
Poisonous Python. Coding malware in Python: a locker, an encryptor,…
Why write malware in Python? First, to learn the basics of malicious coding and, second, to practice in this programming language. After all, malware written in Python is widespread in this wild world, and many antiviruses don’t detect it.
Battle smartphone. How to transform your Android device into ‘hackerphone’…
In sci-fi movies, hackers use cellphones to compromise heavily protected networks. Until recently, this was pure fantasy, but now it is becoming reality. In this article, I will explain how to transform your phone into a powerful hacking tool.
Spying penguin. Windows post-exploitation with a Linux-based VM
Windows-based systems are significantly more resistant to MITM attacks than Linux-based ones. The reason is simple: Windows does not include a handy mechanism for forwarding transit packets. Today, I will explain how to use a minimalist Linux system running on a virtual machine…
MicroB. Writing BASIC in assembler language and squeezing it into…
Want some practice in assembler? Today, I will show step-by-step how to write a BASIC interpreter and run it from the boot sector of your PC. My interpreter includes overlapping subprograms with branching recursion – otherwise, BASIC won’t fit in 512 bytes. It’s quite…
Android security: evolution from version 1 to version 11
For a long time, Android was known as a slow and insecure OS for losers unable to afford an iPhone. Is this still true, and was Android really so bad? Leaving aside the interface smoothness and OS capacity, I am going to briefly discuss the evolution of the worst…
Android SSL Pinning
Introduction. Modern requirements for mobile apps that process personal and financial data include secure data transfer over the Internet. SSL pinning is a mechanism used to satisfy this requirement: it enables the user…
Seizing subdomains. How I took over Microsoft subdomains and how…
A few years ago, I managed to take over subdomains on Microsoft websites and got access to the mail and files of Outlook and OneDrive users, as well as user profile data on Xbox.com. Today, I am…
Stratosphere flight. How to crack Struts using an Action app…
Today, I will show how to conquer the stratosphere - i.e. gain root access on the Stratosphere VM available on [Hack The Box](https://www.hackthebox.eu/) CTF grounds. To capture the root flag, I will have to overcome the Apache…
The PWN realm. Modern techniques for stack overflow exploitation
The buffer overflow vulnerability is an extremely popular topic on hackers' forums. In this article, I will provide a universal, practice-oriented introduction for enthusiasts studying the basics of low-level exploitation. Using stack overflow as an example,…
Python reverse shell. How to boost your networking capacity with…
In this article, I will show how Python scripts can be used to transmit messages between two computers connected to the web. You may need to perform such an operation while developing an app, pentesting a corporate…
Hack in one click. Comparing automated vulnerability scanners
Searching for vulnerabilities requires special knowledge, extensive experience, and a sixth sense. But what about novice security researchers? They have no experience and cannot gain it because they don't know where to start. This is where automated…
Compressed Token Format (CTF). One-time passwords, LDAP injections, and tricks…
Today, I will explain how to hack the CTF virtual machine available on [Hack The Box](https://www.hackthebox.eu/) training grounds. For the purposes of this article, the abbreviation "CTF" refers to Compressed Token Format, not Capture the Flag. This…
Ghostcat. How to exploit a new RCE vulnerability in Apache…
This article addresses a vulnerability in Apache Tomcat that enables the attacker to read files on the server and, under certain conditions, execute arbitrary code. The problem lies in the implementation of the AJP protocol used to…
Conquering the web. How to apply the OWASP Testing Guide v4
Web security is a very broad term. It includes bugs in old protocols, usage of dangerous techniques, trivial human errors made by developers, and more. It is difficult to test products in such a broad area without…
Pentester’s suitcase: Identifying OS on remote host
As you are aware, any penetration test starts with information gathering. You have to find out which operating system is running on the remote host, and only then can you start looking for vulnerabilities in it. This…
DoS attacks on ModSecurity: Exploiting critical bug in popular WAF
A critical denial-of-service vulnerability has recently been discovered in ModSecurity, a popular web application firewall (WAF) for Apache, IIS, and Nginx. The bug is truly severe: not only does the library stop working,…
Protecting MikroTik. How to make your router safe
Security researchers regularly find bugs in the firmware of popular routers. However, it is not enough just to find a bug - it must be neutralized. Today, I will explain how to protect…
The deplorable four. Testing free antiviruses: Huorong, Preventon, Zoner, and…
Today, I am going to battle-test four antivirus programs: a British one, a Chinese one (featuring an original engine), a Finnish one, and an exciting Czech project at the beta-version stage. All of them are free and…