• News
  • Mobile
  • Security
  • Malware
  • Coding
  • Unix
  • DevOps
  • Log In
  • Sign Up
  • No bullshit
  • Cookie Policy
  • Privacy Policy
Log In / Sign Up

Category: Security

Diabolically reddish pentest. Building tunneling chains through docker containers on a Hack the Box virtual machine
Security

Diabolically reddish pentest. Building tunneling chains through docker containers on…

04.08.202008/04/2025snovvcrash450
How to seize control over a host located in a different subnetwork? The right answer is: build numerous intricate tunnels. This article addresses tunneling techniques and their application in pentesting using as an example Reddish, a hardcore…
CONTINUE READING 🡒
Hack the web! Checking web sites for vulnerabilities and exploiting them
Security

Hack the web! Checking web sites for vulnerabilities and exploiting…

04.08.202008/04/20258bit500
Hacking web sites is one of the most common attack types. This article is dedicated to such attacks and protection against them. I will address the pentesting basics for web applications and explain how to deal with…
CONTINUE READING 🡒
DDoS attacks on Bluetooth. How to disable annoying portable speakers
Security

DDoS attacks on Bluetooth. How to disable annoying portable speakers

04.08.202005/08/2020Ghoustchat13613
Gangs of teenagers with portable Bluetooth speakers playing loud music drive me nuts. Today, I will explain how to neutralize this 'natural disaster' without (OK, almost without) committing a criminal offense.
CONTINUE READING 🡒
Solar stroke. Two severe vulnerabilities in Apache Solr
Security

Solar stroke. Two severe vulnerabilities in Apache Solr

04.08.202008/04/2025aLLy600
Not long ago, researchers have discovered two severe vulnerabilities in Apache Solr, a popular open-source full-text search platform. The first bug relates to incorrect handling of Velocity templates, while the second one originates from the DataImportHandler module.…
CONTINUE READING 🡒
Over-the-air tricks. Simple and effective Wi-Fi pentesting techniques
Security

Over-the-air tricks. Simple and effective Wi-Fi pentesting techniques

04.08.202008/04/2025Ivan Piskunov430
In this article, I will demonstrate a few simple and common -although efficient! - Wi-Fi pentesting tricks: hiding your MAC address when you scan a network and attack WPA2, identification of 'hidden' networks, bypassing MAC filtering, and…
CONTINUE READING 🡒
Attacking Active Directory. An overview of actual privilege escalation techniques
Security

Attacking Active Directory. An overview of actual privilege escalation techniques

26.06.202008/04/2025RalfHacker530
Compromising a domain controller involves more than just finding a known vulnerability, stealing user credentials, or identifying an error in the security policy settings. The above 'achievements' grant only the minimum access level that may be insufficient…
CONTINUE READING 🡒
Lateral movement in Active Directory. Offensive techniques used to attack the domain
Security

Lateral movement in Active Directory. Offensive techniques used to attack…

26.06.202008/04/2025RalfHacker791
Imagine that you have successfully retrieved users' accounts in a network with an Active Directory domain controller and escalated your privileges. But what if you control not the entire network, but just a small segment of it?…
CONTINUE READING 🡒
Hacker’s toolbox 2020. Pentesting devices you should have at hand
Security

Hacker’s toolbox 2020. Pentesting devices you should have at hand

26.06.202008/04/2025Ilya Shaposhnikov370
HackMag selected fifteen devices enabling you to pentest everything: from mechanisms to contactless cards. This list does not include trivial tools, like screwdrivers and soldering irons, because everybody chooses them individually. Hopefully, this toolkit would be useful…
CONTINUE READING 🡒
Cyberdolphin. The story of Flipper — hacker’s Swiss Army knife
Security

Cyberdolphin. The story of Flipper — hacker’s Swiss Army knife

26.06.202008/04/2025hackmag443
Hacking and pentesting are normally associated with hours-long sitting at your computer, but this is not quite so: many devices and wireless networks can be accessed only personally. In such situations, you need a hacking multitool -…
CONTINUE READING 🡒
Wi-Fi total PWN. Mastering actual Wi-Fi pentesting techniques from scratch
Security

Wi-Fi total PWN. Mastering actual Wi-Fi pentesting techniques from scratch

04.05.202008/04/202584ckf1r3432
The best way to check the network's security is by trying to hack it. In the past, HackMag had published materials about auditing Wi-Fi networks. Unfortunately, such guides quickly become obsolete. Today, I will share some practical…
CONTINUE READING 🡒
Bug hunt. Spying devices and how to detect them
Security

Bug hunt. Spying devices and how to detect them

04.05.2020atreau302
One might think that bugs from spy movies got obsolete nowadays. Who needs this stuff if microphones and cameras are everywhere - in laptops, smartphones, and zillions of other devices? However, in most cases, it is more…
CONTINUE READING 🡒
The great mischief. Working your way to the root flag through IPv6 labyrinths on a Hack the Box virtual machine
Security

The great mischief. Working your way to the root flag…

04.05.2020snovvcrash450
In this article, I will explain how to gain superuser privileges on Mischief VM available on [Hack The Box](https://www.hackthebox.eu/) training grounds. During this journey, you will acquire some SNMP skills, understand the IPv6 routing principles, and learn…
CONTINUE READING 🡒
Secrets of the treasurer’s laptop: digital forensic analysis helps solve cybercrime
Security

Secrets of the treasurer’s laptop: digital forensic analysis helps solve…

04.05.2020Ivan Piskunov870
"Where's the money?" Or, rather, "Where did the money go?" The user of a company-owned Windows 10 laptop fell victim of a cyberfraud attack. Or maybe the employee faked it and stole the money while pointing fingers…
CONTINUE READING 🡒
Universal interception. How to bypass SSL Pinning and monitor traffic of any application
Security

Universal interception. How to bypass SSL Pinning and monitor traffic…

15.03.2020AseN501
In many cases, the research of an app's internal structure can be narrowed down to monitoring its traffic. Just a few years ago, a major share of the traffic was transmitted via the plain, easily interceptable HTTP…
CONTINUE READING 🡒
Protecting microcontrollers. Implementing Firmware Hardening and Secure Boot on STM32
Security

Protecting microcontrollers. Implementing Firmware Hardening and Secure Boot on STM32

15.03.2020Alexander Buraga1000
The intensity of attacks targeting IoT devices increases with year over year. New threats require a complex approach; as a result, security became the top priority for both software developers and hardware manufacturers. This article addresses the…
CONTINUE READING 🡒
Where to study pentesting? An overview of training grounds for ethical hackers
Security

Where to study pentesting? An overview of training grounds for…

15.03.202015/03/2020snovvcrash541
Today, I will give a brief overview of some of the best pentesting portals recognized by security experts. These training grounds enable ethical hackers to polish their skills while preserving 'ethicality' and exploit newly-discovered vulnerabilities while staying…
CONTINUE READING 🡒
Poisoned documents. How to exploit dangerous Microsoft Office bugs
Security

Poisoned documents. How to exploit dangerous Microsoft Office bugs

15.03.2020Ivan Piskunov510
This article addresses several critical vulnerabilities in Microsoft Office programs. They aren't new and had caused a great stir a while back. Metasploit Framework modules have already been developed for these bugs, and plenty of related projects…
CONTINUE READING 🡒
Epic pivoting. Polishing traffic routing skills on HackTheBox virtual machines
Security

Epic pivoting. Polishing traffic routing skills on HackTheBox virtual machines

15.03.2020snovvcrash380
A good knowledge of pivoting (a technique used to route traffic to the victim and back through interim hosts) is essential for any ethical hacker. Furthermore, this skill is absolutely mandatory for corporate network pentesting. In this…
CONTINUE READING 🡒
Hacked IP camera. Searching for vulnerabilities in smart gadgets
Security

Hacked IP camera. Searching for vulnerabilities in smart gadgets

28.02.202017/04/2025Ilya Shaposhnikov360
The security of home gadgets is a burning topic. Botnet attacks such as [Mirai](https://en.wikipedia.org/wiki/Mirai_(malware)) affect millions of devices and inflict huge damages. Ethical hackers continue discovering vulnerabilities in popular gadgets, which manufacturers don't rush fixing. In this…
CONTINUE READING 🡒
The taming of Kerberos. Seizing control over Active Directory on a HackTheBox virtual PC
Security

The taming of Kerberos. Seizing control over Active Directory on…

28.02.202017/04/2025snovvcrash420
In this article, I am going to show how to escalate from an unprivileged user to the administrator of the Active Directory domain controller. The demonstration will be performed on a virtual PC available for hacking on…
CONTINUE READING 🡒
« Previous 1 2 3 … 9 10 11 12 13 14 15 Next »
  • No bullshit
  • Cookie Policy
  • Privacy Policy
HackMag — Top-notch cybersecurity magazine © 2025
Support:support@hackmag.com