Poisoned documents. How to exploit dangerous Microsoft Office bugs

This article addresses several critical vulnerabilities in Microsoft Office programs. They aren’t new and had caused a great stir a while back. Metasploit Framework modules have already been developed for these bugs, and plenty of related projects are available on GitHub. However, unpatched copies of Microsoft Office (starting from version 2003 and up to and including Office 2016) still remain in the wild dragging down corporate security and opening paths for malicious attacks.

Read full article →


Hacked IP camera. Searching for vulnerabilities in smart gadgets

The security of home gadgets is a burning topic. Botnet attacks such as Mirai affect millions of devices and inflict huge damages. Ethical hackers continue discovering vulnerabilities in popular gadgets, which manufacturers don’t rush fixing. In this article, I will tell how to check your hardware for security issues using a popular IP camera as an example. Spoiler: it is plagued by tons of vulnerabilities.

Read full article →


Boost your Nmap! Empowering iconic network scanner with NSE scripts

Nmap is an iconic scanner broadly used by hackers, and many of them are wondering how to expand its capacity. In most cases, Nmap is used in combination with other software tools. In this article, I’ll explain how to use it together with your favorite utilities. After all, it is much easier to push a button and get the result rather then endlessly repeat the same sequence. Nmap scripts enable hackers to hack networks in a more automated way and help system administrators identify and eliminate built-in vulnerabilities in their protected perimeters.

Read full article →


The taming of Kerberos. Seizing control over Active Directory on a HackTheBox virtual PC

In this article, I am going to show how to escalate from an unprivileged user to the administrator of the Active Directory domain controller. The demonstration will be performed on a virtual PC available for hacking on the HackTheBox online platform, the place where aspiring hackers polish their pentesting and cybersecurity skills. Of course, this VM is not overly complex, but if you intend to pentest corporate networks, it is very important to learn how to work with Active Directory

Read full article →


A brief guide to programmable logic controllers. Searching for vulnerabilities in industrial PLC devices

Many users believe that controllers installed in buildings and factories are protected better than home gadgets. They are wrong. Today, I will show you how to hack programmable logic controllers using a Linux-based computer. A Linx-150 automation server will be used as an example. You can use this method as a hacking guide for other similar pieces of equipment.

Read full article →