Pivoting is an important stage of any pentesting research: the attacker establishes a foothold in the compromised system to use it as a bridgehead for further penetration. This article examines the basic pivoting techniques used nowadays.
CONTINUE READING 🡒 
Obliterating traces: How to make Windows 10 forget everything
Cookies, browsing history, saved passwords, and data from the Windows Registry – all this information can be easily retrieved by a person who gets physical access to your PC. That’s why every hacker must know how to delete logs, caches, and other cookies to protect…
CONTINUE READING 🡒 
Divination by IPsec logs: A practical guide to IKE protocol
IPsec was designed as a universal protocol stack for VPN – the ultimate solution rendering all alternative protocols unnecessary. However, the existence of OpenVPN, WireGuard, and many other protocols clearly indicates that the developers of IPsec failed to achieve their goal.
CONTINUE READING 🡒 
Chum Bucket. How I hacked a 20-billion corporation using a…
As you are likely aware, data breaches occur on a regular basis in this wild world. Each such incident is preceded by painstaking work: information collection and analysis, identification of security holes, selection of attack tools, etc. Today, I will reveal to our readers…
CONTINUE READING 🡒 
Attacks on clouds. Azure and AWS hacking guide
The migration of IT infrastructure to clouds is not just a tribute to fashion: this approach allows to save on technical support, backup, and administration. In addition, cloud-based infrastructure is believed to be more resistant to failures and external attacks. But the bitter truth is that even the most popular hybrid cloud services,…
CONTINUE READING 🡒 
Fake address. How to change geolocation on Android devices and…
Android has a wonderful feature: you can make any program the provider of geocoordinates, so that the entire system will use the latitude and longitude provided by it. In this article, I will show how to exploit this feature and how to write a program spoofing GPS coordinates.
CONTINUE READING 🡒 
Malware under surveillance. Sandboxes and how to detect them
Boris Razor & Alex Mess One of the ways to detect malware is to run it in a sandbox, i.e. in an isolated environment where you can monitor the program’s behavior. In this article, we will explain how sandboxes work and examine techniques allowing malicious…
CONTINUE READING 🡒 
Security hole in BIG-IP. Exploiting a new vulnerability in F5…
In July 2020, a severe vulnerability was identified in the F5 product line. The bug affects inter alia BIG-IP, an application delivery controller used by many major companies, including banks and mobile operators. The vulnerability received the highest severity index because it allows unprivileged…
CONTINUE READING 🡒 
How to reinstall Windows remotely
Remote work is the main trend of this year. It suddenly turned out that many things can be done more efficiently from home than sitting in the office. In my humble opinion, such a standard operation as OS reinstallation can be performed remotely as…
CONTINUE READING 🡒 
Holes in the hole. Vulnerabilities in Pi-hole allow to seize…
Three severe vulnerabilities have been recently discovered in Pi-hole, a popular app that blocks advertisement and unwanted scripts. Two of these vulnerabilities result in remote command execution, while the third one allows to escalate your privileges to root. Let’s examine the origin of these bugs and concurrently find…
CONTINUE READING 🡒 
Ultimate guide to Metasploit: how to use the renowned pentesting…
As you are likely aware, Metasploit is the most acclaimed exploitation and post-exploitation framework in the world. Even if you don’t use it, you had definitely encountered numerous references to Metasploit in our materials. In this article, I will give a brief overview of this framework,…
CONTINUE READING 🡒 
Ultimate guide to PowerShell Empire: from installation to persistence in…
Empire is a popular post-exploitation tool for Windows, Linux, and macOS. This article addresses all key aspects of this framework, including its most frequently used functions. Even if you are a seasoned pentester, you will likely find something new and useful in this material.
CONTINUE READING 🡒 
Duck tales. How to create a wireless analogue of Rubber…
Hackers and pentesters consider BadUSB an efficient attack vector; it emulates the keyboard and performs operations on the attacked computer under the disguise of user input. Such attacks are very difficult-to-detect because neither the OS nor antiviruses suspect the keyboard of any wrongdoing. Today, I will show…
CONTINUE READING 🡒 
ZetaSDR: Assembling a software defined radio with your own hands
SDR (software defined radio) is a radio communication system that uses software to convert radio signals into digital code. This provides tremendous possibilities for the analysis of radio signals, and plenty of SDRs are currently available on the market. In this article, I will explain…
CONTINUE READING 🡒 
Useless Crap? No, not nearly! Advance your binary exploitation skills…
PWN challenges are my favorite tasks at CTF contests. Such tasks effectively train you in real-life code analysis, while their write-ups usually describe all fine details, even those already addressed by other authors. Today, I will explain how to solve…
CONTINUE READING 🡒 
Poisonous Python. Coding malware in Python: a locker, an encryptor,…
Why write malware in Python? First, to learn the basics of malicious coding and, second, to practice in this programming language. After all, malware written in Python is widespread in this wild world, and many antiviruses don’t detect it.
CONTINUE READING 🡒 
Battle smartphone. How to transform your Android device into ‘hackerphone’…
In sci-fi movies, hackers use cellphones to compromise heavily protected networks. Up until recently, it was just a fantasy, but now this fantasy becomes a reality. In this article, I will explain how to transform your phone into a powerful hacking tool.
CONTINUE READING 🡒 
Spying penguin. Windows post-exploitation with a Linux-based VM
Windows-based systems are significantly more resistant against MITM attacks in comparison with Linux-based ones. The reason is simple: Windows does not include a handy mechanism to forward transit packets. Today, I will explain how to use a minimalist Linux system running on a virtual machine…
CONTINUE READING 🡒 
MicroB. Writing BASIC in assembler language and squeezing it into…
Want some practice in assembler? Today, I will show step-by-step how to write a BASIC interpreter and run it from the boot sector of your PC. My interpreter includes overlapping subprograms with branching recursion – otherwise, BASIC won’t fit in 512 bytes. It’s quite…
CONTINUE READING 🡒 
Android security: evolution from version 1 to version 11
For a long time, Android was known as a slow and insecure OS for losers unable to afford an iPhone. Is this still true, and was Android really so bad? Leaving aside the interface smoothness and OS capacity, I am going to briefly discuss the evolution of the worst…
CONTINUE READING 🡒