MikroTik devices are widely used in corporate networks, but in most cases they aren’t properly configured, which opens the door to various attacks. This article discusses basic RouterOS security concepts, including protection against spoofing, traffic handling, and attacks on control panels.

Immediately after getting access to the target system, the attacker tries to disable its audit tools to remain undetected as long as possible. In this article, I will explain how to blind Windows monitoring tools by manipulating the Event Tracing for Windows (ETW) subsystem.

At some point, simple identifiers cannot ensure proper access control anymore, and consumers switch to a more advanced solution: Mifare. But are Mifare-based devices actually as secure as the manufacturer claims? Let’s figure it out!

This article discusses the security of MikroTik equipment from the attacker’s perspective. Being very popular, MikroTik products are often attacked by hackers. The primary focus of this research is post-exploitation. Also, I will touch on issues plaguing RouterOS defense mechanisms that are exploited by malefactors.

Spoofing attacks are simple to deliver, and their impact is gross. This article discusses such attacks from the security perspective. The main challenge is to intelligently integrate network security solutions with production without disrupting business processes. Such integration requires a good understanding of the network and equipment specifics. In fact, this is the cornerstone of success.

Recently I discovered a new way to implement L2 tunneling against Windows networks. Inspired by the spying penguin concept, I am going to demonstrate a fresh approach to Windows post-exploitation involving a MikroTik Cloud Hosted Router (CHR) that enables you to perform pivoting and provides L2 access to the target network.

Hey guys! Today, pasta is on the menu! You will learn how to identify vulnerabilities in JavaScript engines using the Fuzzilli fuzzer. After a brief theoretical introduction, you’ll jump directly to practice. Let’s assemble the required tools and start fuzzing.