Every reverse engineer, malware analyst or simply a researcher eventually collects a set of utility software that they use on a daily basis to analyze, unpack, and crack other software. This article will cover mine. It will…
Category: Security
Attacking a car alarm. How does a car alarm security…
Since devices such as bladeRF, HackRF and RTL-SDR, and software systems like GNU Radio, became widely available, reverse engineering of over-the-air radio data has become really simple and entertaining.
What to See on the Darkweb: A Travel Guide to…
We got our hands on a database containing more than 8,000 links to websites on the darknet. It is practically a complete register of what is hidden in Tor Hidden Services. We've chosen the best!
The Forest Is Under Control. Taking over the entire Active…
Active Directory comes up quite often during the security testing of large companies. It is all too common to come across not a single domain in a single forest, but rather a more…
Chromium Alloy. How to forge a hacking tool from a…
The phrase "hacking utilities" has gradually come to acquire a negative meaning. Antivirus software teams curse them out, and users look down on them, placing them on a par with potential threats. But one can perform an…
How to provide process isolation and not destroy Windows
How can we isolate suspicious processes in Windows and not destroy the OS? How can we create a reliable and Windows-compatible sandbox without hardware virtualization and kernel function hooking, but with the use of documented default OS…
Using Android to keep tabs on your girlfriend. With her…
Today we're going to try out a little spy experiment and gather data on the movements of someone important to us, say a girlfriend, child or grandparent. With their written consent to collect and process their information,…
Turning a Regular USB Flash Drive into a USB Rubber…
A long time ago, we reviewed some devices which should be in any hacker's toolbox. One of these devices was a USB Rubber Ducky — a device which resembles a regular USB flash drive. When connected to…
Crypto-Ransomware: Russian Style. Large-scale Research on Russian Ransomware
Nowadays the Russian segment of the Web is not dominated by CryptoWall or CTB-Locker. Instead, Russia has seen the formation of an "ecosystem" consisting of other types of ransom trojans, which generally don't enter the global arena. Today,…
Injection gloves-off: bypassing antivirus software with Shellter
A major problem in many pentests is that any "charged" executable file created with Metasploit or other pentest frameworks can be detected by any antivirus vendor. That is why a pentester has to find…
Hidden threats of the IPv6
Why should we worry about IPv6 at all? After all, even though the last blocks of IPv4 addresses have been distributed to the regional registries, the Internet works without any changes. The thing is that IPv6 first…
How to keep an eye on someone through an Android…
Everyone cares about their significant others' security. We all know that feeling when your calls are not answered and your WhatsApp messages are not marked as read. In a moment like that you would do a lot to…
What data Windows 10 sends to Microsoft and how to…
Since its rise, Windows has been a natural habitat for all kinds of malware. Now the OS itself seems to have become one big trojan. Right after being installed it starts acting weird. The data flows in rivers…
How to use WSUS to get control over Windows
This was one of the most interesting attacks shown at Black Hat Las Vegas 2015. Let's imagine the situation: there's a large fleet of Windows computers in a large organization, and they all need to be updated.…
0-day attacks using “keep-alive” connections
Most of today's servers support "keep-alive" connections. If the pages have a lot of media content, such a connection will substantially speed up their download. But we will try to use "keep-alive" for far less obvious…
7 non-trivial ways to hack your MySQL Database
MySQL is one of the most common database systems. Found everywhere, it is most likely to be used by numerous websites. Hence the security of this database is a very important issue. An attacker…
TOP–10 ways to boost your privileges in Windows systems
The processes of privilege elevation in Windows and Linux are a bit different. Despite the fact that both systems have the same number of vulnerabilities, according to researchers it is more likely to see the fully patched…
BDFProxy
I guess you have heard about the Evilgrade framework, which allows you to “fix” the update mechanism of the most popular programs (Windows update, Apple update and so on and so forth) by replacing valid files with malicious ones.…
A small injection for memcached
Memcached is a distributed caching system that has become very popular in high-load Internet projects. And as you know, as a product grows in popularity, so does interest in its security. Therefore, we will study…
Let us see the Impact!
Bug Bounty (vulnerability reward programs for vendors) is becoming more and more widespread. And sometimes a vulnerability search detects some evidently insecure areas (e.g., self-XSS) whose threat is hard to prove. But the larger (or even the smarter) is…