Recovering deleted files is not a problem; there are dozens of utilities for this. But what if the drive is damaged, has an erroneous geometry description, or is password protected at the controller level? Then the Victoria utility comes to the rescue. It is written in assembler, takes up…
CONTINUE READING 🡒 Category: Security
We cover our tracks. How to make Windows forget everything
Lists of open files and USB devices, browser history, DNS cache – all this helps to find out what the user was doing. We have compiled step-by-step instructions on how to remove traces of your activity in different versions of Windows, Office and popular browsers. At the end…
CONTINUE READING 🡒 A darknet trip. Take the greenest places .onion
The word “darknet” has almost become a cliché for everything that is taboo, difficult to access, and potentially dangerous. But what is a real darknet? We’re offering you another study sharing everything we’ve been able to dig up lately. This time – with…
CONTINUE READING 🡒 Bring Your Own Vulnerable Driver! Meet BYOVD – one of…
Many notorious hacker groups (e.g. North Korea’s Lazarus) use the BYOVD attack to gain access to kernel space and implement complex advanced persistent threats (APTs). The same technique is employed by the creators of the Terminator tool and various encryptor operators. This paper discusses BYOVD operating…
CONTINUE READING 🡒 IP cameras in pentesting. Improper use of security cameras
In the course of a pentesting audit, you can capture an image from a security camera and attach it to your report – just to please the customer. No doubt, such pictures are impressive, but what can be the real impact of attacks targeting cameras? Today I will…
CONTINUE READING 🡒 In the footsteps of Phrack. Searching for LKM rootkits in…
A long time ago, in the early days of my journey to Linux kernel rootkits, I came across a Phrack article describing a rootkit detection technique implemented for i386. The article wasn’t new and referred to a vintage Linux kernel dated 2003. Something in that paper…
CONTINUE READING 🡒 Threadless Injection. Injecting shellcode into third-party processes to circumvent EDR
This article discusses Threadless Injection: a technique making it possible to make injections into third-party processes. At the time of writing, it effectively worked on Windows 11 23H2 x64 running on a virtual machine isolated from the network with OS security features enabled.
CONTINUE READING 🡒 Kali Ashes: Hardening hacker distribution and mastering silent pentesting techniques
Kali Linux is extremely popular among pentesters. However, if you penetrate into a network using default settings of this distribution, it would create much noise on the air, which won’t go unnoticed. This article discusses Kali hardening and explains how to make Linux as…
CONTINUE READING 🡒 Process Ghosting. Circumvent antiviruses in the most dangerous way
One of the main priorities for hackers is to hide the execution of their malicious code. This article explains how to start processes using the Process Ghosting technique and discusses operation principles of malware detection systems.
CONTINUE READING 🡒 Tunnels Nightmare: ISP protocols expand your pivoting capacity
The modern TCP/IP protocol stack includes plenty of tunneling protocols. Normally, they are used to expand production networks and build infrastructure. But in this research, I will use them as pentesting tools.
CONTINUE READING 🡒 Evilginx + Gophish. Deploying phishing simulation infrastructure and bypassing 2FA
In the course of a pentesting audit, you often have to simulate phishing attacks. This article provides a step-by-step guide to deploying infrastructure for such simulation. You will learn how to create a mail server from scratch, install and configure the Evilginx reverse proxy, and then integrate…
CONTINUE READING 🡒 MikroTik Daymare. Protecting MikroTik equipment from hacker attacks
MikroTik devices are widely used in corporate networks, but in most cases they aren’t properly configured, which opens the door to various attacks. This article discusses basic RouterOS security concepts, including protection against spoofing, traffic handling, and attacks on control panels.
CONTINUE READING 🡒 Blinding Sysmon completely: Manipulating ETW objects to evade monitoring
Immediately after getting access to the target system, the attacker tries to disable its audit tools to remain undetected as long as possible. In this article, I will explain how to blind Windows monitoring tools by manipulating the Event Tracing for Windows (ETW) subsystem.
CONTINUE READING 🡒 NFC from a hacker’s perspective. Attacking Mifare-based PACS
At some point, simple identifiers cannot ensure proper access control anymore, and consumers switch to a more advanced solution: Mifare. But are Mifare-based devices actually as secure as the manufacturer claims? Let’s figure it out!
CONTINUE READING 🡒 MikroTik Nightmare. Pentesting MikroTik network equipment
This article discusses the security of MikroTik equipment from the attacker’s perspective. Being very popular, MikroTik products are often attacked by hackers. The primary focus of this research is post-exploitation. Also, I will touch on issues plaguing RouterOS defense mechanisms that are exploited by…
CONTINUE READING 🡒 Save me. How to protect networks against spoofing attacks
Spoofing attacks are simple to deliver, and their impact is gross. This article discusses such attacks from the security perspective. The main challenge is to intelligently integrate network security solutions with production without disrupting business processes. Such integration requires a good understanding of the network…
CONTINUE READING 🡒 Caster Remix. Windows post-exploitation with virtual MikroTik
Recently I discovered a new way to implement L2 tunneling against Windows networks. Inspired by the spying penguin concept, I am going to demonstrate a fresh approach to Windows post-exploitation involving a MikroTik Cloud Hosted Router (CHR) that enables you to perform pivoting and provides L2…
CONTINUE READING 🡒 JavaScript al dente. Fuzzing JS engines with Fuzzilli
Hey guys! Today, pasta is on the menu! You will learn how to identify vulnerabilities in JavaScript engines using the Fuzzilli fuzzer. After a brief theoretical introduction, you’ll jump directly to practice. Let’s assemble the required tools and start fuzzing.
CONTINUE READING 🡒 PACS from a hacker’s perspective. Attacks on RFID-based physical access…
Hacking electronic turnstiles installed at building entrances is a popular trick shown in many movies. This article discusses RFID-based physical access control systems (PACS) and demonstrates how easily the most commonly used identifier, EM4100, can be faked.
CONTINUE READING 🡒 Gain sight of a remote network! Reconstructing the connection diagram…
To comprehend operating principles and functions of network protocols, you have to understand their structure. The purpose of this study was to analyze a small portion of network traffic and reconstruct the network diagram based on the data extracted from it.
CONTINUE READING 🡒