Chum Bucket. How I hacked a 20-billion corporation using a free service

Date: 19/09/2021

As you are likely aware, data breaches occur on a regular basis in this wild world. Each such incident is preceded by painstaking work: information collection and analysis, identification of security holes, selection of attack tools, etc. Today, I will reveal to our readers how I hacked the $20-billion TUI Group using publicly available free tools and my own wits.

Attacks on clouds. Azure and AWS hacking guide

Date: 19/09/2021

The migration of IT infrastructure to clouds is not just a tribute to fashion: this approach makes it possible to save on technical support, backup, and administration. In addition, cloud-based infrastructure is believed to be more resistant to failures and external attacks. But the bitter truth is that even the most popular hybrid cloud services, including Azure and AWS, can be hacked. In this article, I will address basic techniques used to attack cloud environments.

Malware under surveillance. Sandboxes and how to detect them

Date: 16/09/2021

Boris Razor & Alex Mess

One of the ways to detect malware is to run it in a sandbox, i.e. in an isolated environment where you can monitor the program’s behavior. In this article, we will explain how sandboxes work and examine techniques allowing malicious programs to evade detection (including methods not covered in specialized literature and Internet blogs).

Security hole in BIG-IP. Exploiting a new vulnerability in F5 products

Date: 06/09/2021

In July 2020, a severe vulnerability was identified in the F5 product line. The bug affects, among other products, BIG-IP, an application delivery controller used by many major companies, including banks and mobile operators. The vulnerability received the highest severity index because it allows unprivileged attackers to gain full control over the target system.

How to reinstall Windows remotely

Date: 02/06/2021

Remote work is the main trend of this year. It suddenly turned out that many things can be done more efficiently from home than sitting in the office. In my humble opinion, such a standard operation as OS reinstallation can be performed remotely as well. Today, I will show how to do this.

Holes in the hole. Vulnerabilities in Pi-hole allow to seize control over Raspberry Pi

Date: 01/06/2021

Three severe vulnerabilities have been recently discovered in Pi-hole, a popular app that blocks advertisements and unwanted scripts. Two of these vulnerabilities result in remote command execution, while the third one allows privilege escalation to root. Let’s examine the origin of these bugs and, along the way, find out how to detect vulnerabilities in PHP code and Bash scripts.

Ultimate guide to Metasploit: how to use the renowned pentesting framework

Date: 01/06/2021

As you are likely aware, Metasploit is the most acclaimed exploitation and post-exploitation framework in the world. Even if you don’t use it, you have definitely encountered numerous references to Metasploit in our materials. In this article, I will give a brief overview of this framework, explain how our security team uses it, and provide some practical tips.