• News
  • Mobile
  • Security
  • Malware
  • Coding
  • Unix
  • DevOps
  • Log In
  • Sign Up
  • No bullshit
  • Cookie Policy
  • Privacy Policy
Log In / Sign Up

Category: Security

The great mischief. Working your way to the root flag through IPv6 labyrinths on a Hack the Box virtual machine
Security

The great mischief. Working your way to the root flag…

04.05.2020snovvcrash2320
In this article, I will explain how to gain superuser privileges on Mischief VM available on [Hack The Box](https://www.hackthebox.eu/) training grounds. During this journey, you will acquire some SNMP skills, understand the IPv6 routing principles, and learn…
CONTINUE READING 🡒
Secrets of the treasurer’s laptop: digital forensic analysis helps solve cybercrime
Security

Secrets of the treasurer’s laptop: digital forensic analysis helps solve…

04.05.2020Ivan Piskunov4210
"Where's the money?" Or, rather, "Where did the money go?" The user of a company-owned Windows 10 laptop fell victim of a cyberfraud attack. Or maybe the employee faked it and stole the money while pointing fingers…
CONTINUE READING 🡒
Universal interception. How to bypass SSL Pinning and monitor traffic of any application
Security

Universal interception. How to bypass SSL Pinning and monitor traffic…

15.03.2020AseN3051
In many cases, the research of an app's internal structure can be narrowed down to monitoring its traffic. Just a few years ago, a major share of the traffic was transmitted via the plain, easily interceptable HTTP…
CONTINUE READING 🡒
Protecting microcontrollers. Implementing Firmware Hardening and Secure Boot on STM32
Security

Protecting microcontrollers. Implementing Firmware Hardening and Secure Boot on STM32

15.03.2020Alexander Buraga4380
The intensity of attacks targeting IoT devices increases with year over year. New threats require a complex approach; as a result, security became the top priority for both software developers and hardware manufacturers. This article addresses the…
CONTINUE READING 🡒
Where to study pentesting? An overview of training grounds for ethical hackers
Security

Where to study pentesting? An overview of training grounds for…

15.03.202015/03/2020snovvcrash7781
Today, I will give a brief overview of some of the best pentesting portals recognized by security experts. These training grounds enable ethical hackers to polish their skills while preserving 'ethicality' and exploit newly-discovered vulnerabilities while staying…
CONTINUE READING 🡒
Poisoned documents. How to exploit dangerous Microsoft Office bugs
Security

Poisoned documents. How to exploit dangerous Microsoft Office bugs

15.03.2020Ivan Piskunov5490
This article addresses several critical vulnerabilities in Microsoft Office programs. They aren't new and had caused a great stir a while back. Metasploit Framework modules have already been developed for these bugs, and plenty of related projects…
CONTINUE READING 🡒
Epic pivoting. Polishing traffic routing skills on HackTheBox virtual machines
Security

Epic pivoting. Polishing traffic routing skills on HackTheBox virtual machines

15.03.2020snovvcrash3170
A good knowledge of pivoting (a technique used to route traffic to the victim and back through interim hosts) is essential for any ethical hacker. Furthermore, this skill is absolutely mandatory for corporate network pentesting. In this…
CONTINUE READING 🡒
Hacked IP camera. Searching for vulnerabilities in smart gadgets
Security

Hacked IP camera. Searching for vulnerabilities in smart gadgets

28.02.202017/04/2025Ilya Shaposhnikov2680
The security of home gadgets is a burning topic. Botnet attacks such as [Mirai](https://en.wikipedia.org/wiki/Mirai_(malware)) affect millions of devices and inflict huge damages. Ethical hackers continue discovering vulnerabilities in popular gadgets, which manufacturers don't rush fixing. In this…
CONTINUE READING 🡒
The taming of Kerberos. Seizing control over Active Directory on a HackTheBox virtual PC
Security

The taming of Kerberos. Seizing control over Active Directory on…

28.02.202009/10/2025snovvcrash910
In this article, I am going to show how to escalate from an unprivileged user to the administrator of the Active Directory domain controller. The demonstration will be performed on a virtual PC available for hacking on…
CONTINUE READING 🡒
A brief guide to programmable logic controllers. Searching for vulnerabilities in industrial PLC devices
Security

A brief guide to programmable logic controllers. Searching for vulnerabilities…

28.02.202017/04/2025Egor Litvinov3450
Many users believe that controllers installed in buildings and factories are protected better than home gadgets. They are wrong. Today, I will show you how to hack programmable logic controllers using a Linux-based computer. A Linx-150 automation…
CONTINUE READING 🡒
Hide-and-Seek with Windows 10. Testing spyware and privacy protection tools
Security

Hide-and-Seek with Windows 10. Testing spyware and privacy protection tools

28.02.202009/10/20258bit4822
Over four years have passed since the release of Windows 10, and throughout this entire period, user data have been 'leaking' to Microsoft servers. The problem has been further exacerbated by Microsoft repeatedly forcing a reset of…
CONTINUE READING 🡒
The phishing harvester. Stealing account credentials with Evilginx 2
Security

The phishing harvester. Stealing account credentials with Evilginx 2

04.02.202007/03/20208bit3832
Today, we are going to examine Evilginx 2, a reverse proxy toolkit. We will also find out how to use it to bypass two-factor authentication and steal Instagram login credentials. Finally, we will build and launch a…
CONTINUE READING 🡒
“Luke, I am your fuzzer”. Automating vulnerability management
Security

“Luke, I am your fuzzer”. Automating vulnerability management

04.02.202007/03/2020Nik Zerof4220
Fuzzing is all the rage. It is broadly used today by programmers testing their products, cybersecurity researchers, and, of course, hackers. The use of fuzzers requires a good understanding of their work principles. These top-notch tools make…
CONTINUE READING 🡒
Tails below the radar: the private portable OS
Security

Tails below the radar: the private portable OS

04.02.202007/03/2020Taras Tatarinov2880
No doubt, the Tor browser is an essential privacy protection tool. However, Tor alone cannot cover you up and hide your traces. To stay undercover, you need Tails. Tails is a security-focused, Debian-based Linux distribution made to…
CONTINUE READING 🡒
Keep your eyes open! Hacking others IP and Web cameras while keeping yours safe
Security

Keep your eyes open! Hacking others IP and Web cameras…

04.02.202007/03/202084ckf1r33884
Remote access to Web cameras and security cameras is a common hacking technique. It does not require any special software or even special skills. All you need is a Web browser and a few simple manipulations. In…
CONTINUE READING 🡒
Building sniffer on the basis of ESP32. Listening on Wi-Fi, aiming at Bluetooth!
Security

Building sniffer on the basis of ESP32. Listening on Wi-Fi,…

22.01.202007/03/2020Egor Litvinov8181
One day, [GS Labs](http://en.gs-labs.ru/) research and development center launched a project to identify possible bugs and vulnerabilities in its systems. However, the tested device chosen to run the application was pretty tricky: no way to install the…
CONTINUE READING 🡒
Crack and research. Dissecting home gadgets: a full guide
Security

Crack and research. Dissecting home gadgets: a full guide

22.01.202007/03/2020Ilya Shaposhnikov2781
So you've got that flashy new high-tech gadget. It could be a smart home controller or a top-notch interactive media streaming box - the one that can tune in to thousands of channels from all over the…
CONTINUE READING 🡒
Linux post-exploitation. Advancing from user to super-user in a few clicks
Security

Linux post-exploitation. Advancing from user to super-user in a few…

22.01.202007/03/2020Ivan Piskunov4490
This article is dedicated to some of the most popular and, more importantly, working post-exploitation utilities for Linux servers. You are about to learn how to manipulate the system, gain root access, or steal valuable data right…
CONTINUE READING 🡒
Ghidra vs. IDA Pro. Strengths and weaknesses of NSA’s free reverse engineering toolkit
Security

Ghidra vs. IDA Pro. Strengths and weaknesses of NSA’s free…

28.12.201907/03/2020Nik Zerof3760
In March 2019, the National Security Agency of the US Department of Defense (NSA) has published Ghidra, a free reverse engineering toolkit. A couple of years ago, I had read about it on WikiLeaks and was eager…
CONTINUE READING 🡒
FUCK 2FA! Bypassing two-factor authentication with Modlishka
Security

FUCK 2FA! Bypassing two-factor authentication with Modlishka

28.12.201909/10/20258bit3981
Underground forums are full of offers to hack an account or two (or sell you the login credentials of some ten million accounts if you like). In most cases, such attacks involve social engineering and use fake…
CONTINUE READING 🡒
« Previous 1 2 3 … 10 11 12 13 14 15 Next »
  • No bullshit
  • Cookie Policy
  • Privacy Policy
HackMag — Top-notch cybersecurity magazine © 2025
Support:support@hackmag.com