The success of a penetration test largely depends on how well you profile the target. What services and software does it use? Which ports and protocols are exposed? Who does it communicate with, and through what channels?…
Category: Security
Open Redirect Vulnerability: How Attackers Exploit It for Phishing and…
Open Redirect vulnerabilities let attackers send users to a phishing site or trick them into downloading a rootkit disguised as legitimate software. Despite how serious these flaws are, even Google is in no rush to patch them.…
Building an ESP32 Packet Sniffer: Wi‑Fi Packet Capture and Bluetooth/BLE…
It all started when we kicked off a bug and vulnerability hunting project at GS-Labs. The target hardware was quirky—no way to get root, and no trusty Ethernet either. And hackers, as you know, hate flying blind.…
An ‘Easter Egg’ in Telegram. How to log in without…
Telegram developers are continuously improving their product: the messenger gets more and more functions every year. But some of its cool features can turn, all of a sudden, into nasty bugs. This article discusses a curious vulnerability discovered when I was investigating…
The Great Password Collider: Recovering Passwords from Hashes Without Heavy…
It’s often necessary to recover a password when all you have is its hash. You could brute-force it on your own machine, but it’s much faster to leverage existing databases. Even public datasets contain tens of millions…
Speech-to-Speech: Building an AI Voice Cloning Neural Network
There are more and more ways to identify someone by their voice. At the same time, researchers are finding ways to bypass these mechanisms—both to protect personal data and to break into systems that rely on them.…
5 Simple Python Examples to Inspire You to Learn Python
Over the past decade, Python has exploded in popularity and shows no signs of slowing down—its use in both teaching programming and building applications keeps growing. Few languages can claim such broad appeal across fields as varied…
Hamster Kombat Automation: Building an Auto-Clicker Bot to Farm Coins
In this article, I’ll walk through how I explored the feasibility of automating the fast-rising game Hamster Kombat. Not every tactic I tried worked out, but you might still find the methods useful in other contexts.
QR Codes Demystified: How to Create a QR Code with…
QR codes are everywhere these days—major services like WhatsApp, Yandex, and AliExpress use them as an authentication method. But how secure is this approach? Is it possible to craft a QR code that, when scanned, delivers and…
Choosing the Best PE Editor for Windows Executables: A Reverse…
The primary—and hardest—task for a hacker during a software break-in is to identify the protection mechanism and bypass it. For reconnaissance I typically use the WinDbg debugger, and for “patching” the application I rely on the Hiew…
A Practical Guide to Stable Diffusion XL: Choosing Models, Refiners,…
If you decide to run generative image models on your own machine, you’ll quickly hit a tough choice: there are many of them, and while their outputs are similar, they’re all a bit different. In this article,…
SI473X SDR Hacks: Building a DIY Receiver and Uncovering Hidden…
Today I’ll walk through how modern broadcast receivers are put together, using the SI473x family—single‑chip SDR receivers—as an example. Along the way, we’ll write our own library to drive these chips. You might ask, why build yet…
MITRE ATT&CK Matrix: How the Threat Description Language Works and…
MITRE ATT&CK is one of the most widely used frameworks among cybersecurity professionals. In this article, we’ll cover how the knowledge base was created and how it’s structured—how it’s used to describe malware capabilities, profile APT groups,…
Silent call. Concealing NTAPI calls from security tools
Recently, EDR systems have increasingly used call stack tracing to detect malicious applications and make red teamers’ lives miserable. Let’s analyze this powerful technique and find a way to fool EDR and call NTAPI covertly — so that even stack unwinding won’t…
I Know What You Downloaded: A Website That Tracks Who…
The site’s name translates to “I Know What You Downloaded.” Its creators built a system that monitors public torrents to log lists of files downloaded via BitTorrent and the IP addresses of peers. If you download torrents…
IMSI-Catchers Explained: Mobile Network Interception FAQ, Detection, and Protection
By now, everyone knows public Wi‑Fi hotspots aren’t safe. That doesn’t stop everyday users from relying on them—often without any VPN—even though VPN features are built into many security suites these days. A long‑standing “safer” alternative has…
Reverse Engineering Fundamentals: Hands-On Executable Analysis in IDA Pro
In this article, we’ll dive into an in-depth static analysis using IDA Pro—the go-to disassembler for hackers and security professionals. We’ll start with the basics and steadily work our way forward, cutting through the thicket of code…
TrueNAS CORE vs TrueNAS SCALE vs OpenMediaVault: Choosing the Right…
Despite the abundance of off‑the‑shelf NAS devices from major vendors, the urge to build and tune your own NAS shows no sign of fading. The options are dizzying: TrueNAS Core, TrueNAS Scale, openmediavault, specialized setups with Unraid…
WebSDR: A Browser-Based Gateway to Software-Defined Radio (SDR)
They say that once you dip your toes into SDR (software-defined radio), you fall down the rabbit hole—buying all sorts of gear and tinkering with it. If that warning doesn’t scare you off, the WebSDR site is…
10 Facts You Didn’t Know About the Python Programming Language
Python is a programming language with a relatively low barrier to entry, which is why many beginners choose it. Still on the fence about learning Python? Here are ten facts that can help you put your doubts…