Security – Page 13

Ultimate guide to PowerShell Empire: from installation to persistence in the target system

Date: 30/05/2021

Empire is a popular post-exploitation tool for Windows, Linux, and macOS. This article addresses all key aspects of this framework, including its most frequently used functions. Even if you are a seasoned pentester, you will likely find something new and useful in this material.

Read full article →

Useless Crap? No, not nearly! Advance your binary exploitation skills by solving a sophisticated CTF challenge

Date: 29/05/2021

Author: Pavel Blinnikov

PWN challenges are my favorite tasks at CTF contests. Such tasks effectively train you in real-life code analysis, while their write-ups usually describe all fine details, even those already addressed by other authors. Today, I will explain how to solve a task named “Useless Crap” by its author (it’s available on TG:HACK 2020). The author estimates its difficulty as hard. The task is very challenging indeed, and it took me almost twelve hours to complete it at the contest.

Read full article →

Spying penguin. Windows post-exploitation with a Linux-based VM

Date: 29/05/2021

Author: s0i37

Windows-based systems are significantly more resistant against MITM attacks in comparison with Linux-based ones. The reason is simple: Windows does not include a handy mechanism to forward transit packets. Today, I will explain how to use a minimalist Linux system running on a virtual machine as a gateway. The attack also involves bridged network interfaces that grant the guest OS full L2 access to the network segment where the compromised Windows system is located. The VM will be deployed using VirtualBox.

Read full article →

Android SSL Pinning

Date: 17/03/2021

Author: Sergey Khariuk

Introduction

Modern requirements to mobile data processing apps designed for work with personal and financial data include secure data transfer over the Internet. SSL pinning is a mechanism used to satisfy this requirement: it enables the user to identify a server based on an SSL certificate stamp embedded into the app. This makes Man-In-the-Middle attacks almost impossible and prevents the interception of the data traffic between a client and a server.

cyberlands.io

Read full article →

Seizing subdomains. How I took over Microsoft subdomains and how to perform such attacks

Date: 19/10/2020

Author: Alexander Sidukov

A few years ago, I managed to take over subdomains on Microsoft websites and got access to the mail and files of Outlook and OneDrive users, as well as user profile data on Xbox.com. Today, I am going to share with the hacking community the details of that attack and explain how it can be performed now, in 2020.

Read full article →

Stratosphere flight. How to crack Struts using an Action app and create a Forward Shell

Date: 19/10/2020

Author: snovvcrash

Today, I will show how to conquer the stratosphere – i.e. gain root access on the Stratosphere VM available on Hack The Box CTF grounds. To capture the root flag, I will have to overcome the Apache Struts framework to get an RCE vulnerability in a web app, put to practice the rarely used (but still very useful) Forward Shell remote session concept, highjack a library, and find a way to exploit the eval() function in a treacherous Python script.

Read full article →

The PWN realm. Modern techniques for stack overflow exploitation

Date: 19/10/2020

Author: snovvcrash

The buffer overflow vulnerability is an extremely popular topic on hackers’ forums. In this article, I will provide a universal and practically-oriented ‘introduction’ for enthusiasts studying the basics of low-level exploitation. Using stack overflow as an example, I will address a broad range of topics: from security mechanisms currently used by the GCC compiler to specific features of binary stack overflow exploits.

Read full article →