Cookies, browsing history, saved passwords, and data from the Windows Registry – all this information can be easily retrieved by a person who gets physical access to your PC. That’s why every hacker must know how to delete logs, caches, and other cookies to protect…
Divination by IPsec logs: A practical guide to IKE protocol
IPsec was designed as a universal protocol stack for VPN – the ultimate solution rendering all alternative protocols unnecessary. However, the existence of OpenVPN, WireGuard, and many other protocols clearly indicates that the developers of IPsec failed to achieve their goal.
Chum Bucket. How I hacked a 20-billion corporation using a…
As you are likely aware, data breaches occur on a regular basis in this wild world. Each such incident is preceded by painstaking work: information collection and analysis, identification of security holes, selection of attack tools, etc. Today, I will reveal to our readers…
Attacks on clouds. Azure and AWS hacking guide
The migration of IT infrastructure to clouds is not just a tribute to fashion: this approach makes it possible to save on technical support, backup, and administration. In addition, cloud-based infrastructure is believed to be more resistant to failures and external attacks. But the bitter truth is that even the most popular hybrid cloud services,…
Malware under surveillance. Sandboxes and how to detect them
Boris Razor & Alex Mess
One of the ways to detect malware is to run it in a sandbox, i.e. in an isolated environment where you can monitor the program’s behavior. In this article, we will explain how sandboxes work and examine techniques allowing malicious…
Security hole in BIG-IP. Exploiting a new vulnerability in F5…
In July 2020, a severe vulnerability was identified in the F5 product line. The bug affects inter alia BIG-IP, an application delivery controller used by many major companies, including banks and mobile operators. The vulnerability received the highest severity index because it allows unprivileged…
Holes in the hole. Vulnerabilities in Pi-hole allow to seize…
Three severe vulnerabilities have been recently discovered in Pi-hole, a popular app that blocks advertisements and unwanted scripts. Two of these vulnerabilities result in remote command execution, while the third one allows you to escalate privileges to root. Let’s examine the origin of these bugs and concurrently find…
Ultimate guide to Metasploit: how to use the renowned pentesting…
As you are likely aware, Metasploit is the most acclaimed exploitation and post-exploitation framework in the world. Even if you don’t use it, you have definitely encountered numerous references to Metasploit in our materials. In this article, I will give a brief overview of this framework,…
Ultimate guide to PowerShell Empire: from installation to persistence in…
Empire is a popular post-exploitation tool for Windows, Linux, and macOS. This article addresses all key aspects of this framework, including its most frequently used functions. Even if you are a seasoned pentester, you will likely find something new and useful in this material.
Useless Crap? No, not nearly! Advance your binary exploitation skills…
PWN challenges are my favorite tasks at CTF contests. Such tasks effectively train you in real-life code analysis, while their write-ups usually describe all fine details, even those already addressed by other authors. Today, I will explain how to solve…
Spying penguin. Windows post-exploitation with a Linux-based VM
Windows-based systems are significantly more resistant to MITM attacks than Linux-based ones. The reason is simple: Windows does not include a handy mechanism to forward transit packets. Today, I will explain how to use a minimalist Linux system running on a virtual machine…
Seizing subdomains. How I took over Microsoft subdomains and how…
A few years ago, I managed to take over subdomains on Microsoft websites and got access to the mail and files of Outlook and OneDrive users, as well as user profile data on Xbox.com. Today, I am…
Stratosphere flight. How to crack Struts using an Action app…
Today, I will show how to conquer the stratosphere - i.e. gain root access on the Stratosphere VM available on [Hack The Box](https://www.hackthebox.eu/) CTF grounds. To capture the root flag, I will have to overcome the Apache…
The PWN realm. Modern techniques for stack overflow exploitation
The buffer overflow vulnerability is an extremely popular topic on hackers' forums. In this article, I will provide a universal and practice-oriented 'introduction' for enthusiasts studying the basics of low-level exploitation. Using stack overflow as an example,…
Python reverse shell. How to boost your networking capacity with…
In this article, I will show how Python scripts can be used to transmit messages between two computers connected to the web. You may need to perform such an operation while developing an app, pentesting a corporate…
Hack in one click. Comparing automated vulnerability scanners
Searches for vulnerabilities require special knowledge, extensive experience, and a sixth sense. But what about novice security researchers? They have no experience and cannot gain it because they don't know where to start. This is where automated…
Compressed Token Format (CTF). One-time passwords, LDAP injections, and tricks…
Today, I will explain how to hack the CTF virtual machine available on [Hack The Box](https://www.hackthebox.eu/) training grounds. For the purposes of this article, the abbreviation "CTF" refers to Compressed Token Format, not Capture the Flag. This…
Ghostcat. How to exploit a new RCE vulnerability in Apache…
This article addresses a vulnerability in Apache Tomcat that enables the attacker to read files on the server and, under certain conditions, execute arbitrary code. The problem lies in the implementation of the AJP protocol used to…
Conquering the web. Application instruction for OWASP Testing Guide v4
Web security is a very broad term. It includes bugs in old protocols, usage of dangerous techniques, trivial human errors made by developers, and more. It is difficult to test products in such a broad area without…
Pentester’s suitcase: Identifying OS on remote host
As you are aware, any penetration test starts with information collection. You have to find out what operating system is running on the remote host, and only then can you start looking for vulnerabilities in it. This…