The deplorable four. Testing free antiviruses: Huorong, Preventon, Zoner, and FS Protection

Date: 31/08/2020

Today, I am going to battle-test four antivirus programs: a British one, a Chinese one (featuring an original engine), a Finnish one, and an exciting Czech project at the beta-version stage. All of them are free and offer extra protection features aside from the basic system scan. Let’s pit the new antiviruses against hordes of trojans and worms I prepared for them!



The weakest link. Phishing emails as a pentesting tool

Date: 04/08/2020

Conventional wisdom holds that the most vulnerable component of any computer system is its user. Humans may be inattentive, unthoughtful, or misinformed and easily become victims of phishing attacks. Accordingly, this weak link must be tested for security as thoroughly as the software and hardware components.



Diabolically reddish pentest. Building tunneling chains through docker containers on a Hack the Box virtual machine

Date: 04/08/2020

How do you seize control of a host located in a different subnetwork? The right answer is: build numerous intricate tunnels. This article addresses tunneling techniques and their application in pentesting, using as its example Reddish, a hardcore virtual machine (insane difficulty level: 8 out of 10) available on the Hack The Box training grounds.



Solar stroke. Two severe vulnerabilities in Apache Solr

Date: 04/08/2020

Not long ago, researchers discovered two severe vulnerabilities in Apache Solr, a popular open-source full-text search platform. The first bug relates to incorrect handling of Velocity templates, while the second one originates from the DataImportHandler module. Their exploitation enables an attacker to execute commands remotely; therefore, both vulnerabilities must be treated as critical.
