In the previous article we have already reviewed several methods regarding the boosting of privileges to a system ones in terms of Windows. As it turned out, there are plenty of ways to do that and which…
CONTINUE READING 🡒 Category: Security
Let’s get rid of default settings!
When people prepare a server for their resource or set up some other software, they often leave most of the default options in configuration files unchanged. Then the project is provided with more and more functions, and…
CONTINUE READING 🡒 
SharePoint Serving the Hacker
SharePoint is a corporate document storage system from Microsoft with CMS capabilities which is strongly bound to Active Directory. You can use Google to find general descriptions of its vulnerabilities but, given that the details of its…
CONTINUE READING 🡒 
Pwn Plug R2
Instrumental bugs, radio interception — everyone's heard of these, right? The idea of introducing one's own device into a communication channel that carries important information is as old as the world. Such devices are well-known to everyone…
CONTINUE READING 🡒 
Cryptography at gunpoint
Cryptography is perceived as a magic wand waving which one can protect any information system. However, surprisingly enough, cryptographic algorithms can be successfully attacked. All sophisticated cryptanalysis theories will be brought to naught if the smallest piece…
CONTINUE READING 🡒 
The Bourne Identity
It is always stressed me out how Google AdSense palm me off with certain contextual advertising based on my previous searches. And it might seem that quite enough amount of time had passed and that all cachees…
CONTINUE READING 🡒 
Apple forensic: advanced look onto Apple security
As of last July Apple sold over 800 million iOS devices. More than a half of them are various iPhone versions. With such number of devices in circulation it's not surprising at all that they often undergo…
CONTINUE READING 🡒 
How to get sensitive data using social networks API?
Everybody knows that present-day social networks in fact are huge DBs containing a lot of interesting private information of the users. Why should you get by with the crumbs of information from index page when every network…
CONTINUE READING 🡒 
Learning to detect shell codes for ARM platform
The ubiquitousness of ARM based devices means that malefactors find them more "yummy" for an attack. It's no surprise that shell codes for this platform have long become reality. In spite of the fact that the researchers…
CONTINUE READING 🡒 
Root for HDD: expanding the HDD standard capabilities
HDD structure is surely known to everyone, to a certain extent. Basically, it consists of several platters which rotate with the speed of 15,000 rpm, position control device and control electronics module. All this is complemented by…
CONTINUE READING 🡒 
Read and execute. Exploiting a new vulnerability in GitLab
In late March 2020, a bug was discovered in a popular web-based tool called GitLab. The error enables the attacker to advance from reading files in the system to executing arbitrary commands. The vulnerability was recognized critical because the attacker doesn’t need any special rights in the…
CONTINUE READING 🡒