File Inclusion and Path Traversal vulnerabilities are among the most critical issues in web security, as they allow attackers to read and execute files. In this article, we will start by examining how these vulnerabilities work and…
CONTINUE READING 🡒 Category: Security
Common Attack Scenarios on Corporate Networks: Analyzing Hacker Strategies
Pentesters at Positive Technologies conduct dozens of penetration tests every year. This article is a collection of typical attack scenarios used during these pentests that allowed them to gain control over the client's network in 80% of…
CONTINUE READING 🡒 
Building a Pwnagotchi: Creating an AI-Powered Hacking Device
Readers of "Хакер" have likely wondered at least once: is it possible to build an inexpensive device that can hack something with the push of a button? Or even without a button, on its own, automatically? Yes,…
CONTINUE READING 🡒 
Building a Hacker’s Toolkit: Essential Utilities for Easier Cybersecurity Operations
Not sure what to do during the holidays? Not basking in the sun while gardening? Not belting out songs in a tipsy haze? No problem! Let me tell you about some fantastic programs that will surely entertain…
CONTINUE READING 🡒 
Self-defense for hackers. Monitoring attacks on the airwaves
This article explains how to detect intrusions into your wireless network. Almost all mainstream attacks on Wi-Fi have distinctive features, and you can identify them by listening to the airwaves.
CONTINUE READING 🡒 
Gathering User Data in Windows Networks: Exploring Active Directory Without…
Imagine someone launching an attack on a corporate Windows network. Initially, the attacker has either limited or no privileges within the domain. Consequently, they will search for accounts and services without elevated privileges, meaning they won't be…
CONTINUE READING 🡒 
Collecting Credentials in Active Directory: Identifying Critical Data Amid Domain…
For a successful attack on Active Directory, taking control of workstations, and moving laterally across a network, a skilled hacker doesn't necessarily need user credentials. However, there are times when they are indispensable. To obtain these credentials,…
CONTINUE READING 🡒 
How to Fix a USB Drive That Has Turned Into…
Imagine you insert a USB drive into your computer and see a message: "To use the disk in drive F:, you must first format it. Do you want to format it?" If it's a new USB drive,…
CONTINUE READING 🡒 
Choosing the Right Messenger for Secure and Private Communication
It's paradoxical but true: despite the variety of messaging apps available, we often don't really have a choice—we just use the ones our friends and acquaintances are using. But what if privacy is really important to you?…
CONTINUE READING 🡒 
Learning Game Hacking: Developing Cheats with a Simple Example
Video games are great because the reward for success is genuinely satisfying, while the cost of failure is low. However, sometimes to unlock new abilities or simply to speed up gameplay, you might resort to not-so-honest methods.…
CONTINUE READING 🡒 
Analyzing Attacks on Microsoft Active Directory: Intrusion Techniques and Detection…
Over the past four years, not a single Black Hat or DEF CON has gone by without presentations focusing on attacks against Microsoft Active Directory. Participants share new attack vectors and their own innovations, while also providing…
CONTINUE READING 🡒 
Introduction to Hacking: Authentication Testing and Basic Security Exploits
Fifteen years ago, Chris Kaspersky's epic work "Fundamental Principles of Hacking" was the go-to guide for every budding computer security researcher. The editors of "Hacker" have taken on the challenge of updating this substantial work, bringing it…
CONTINUE READING 🡒 
Advanced OSINT Techniques: Exploring Modern Network Intelligence Methods
What do competitive intelligence, penetration testing, and cyber incident investigations have in common? They all involve information gathering, primarily from open sources. But what do you do when the data you find isn't enough, and your usual…
CONTINUE READING 🡒 
Mastering the Terminal: Essential Tips to Become a Console Guru
Any Unix enthusiast who has spent a couple of hours learning basic commands and bash syntax knows that the command line is an incredibly handy tool. However, not everyone realizes just how powerful the console can actually…
CONTINUE READING 🡒 
Understanding and Hacking BitLocker: Exploring Windows Disk Encryption and Its…
The BitLocker encryption technology was first introduced ten years ago and has evolved with each new version of Windows. However, not all changes have been aimed at increasing cryptographic strength. In this article, we will take an…
CONTINUE READING 🡒 
Cyber Intelligence Tools: Extracting Data from Instagram, Telegram, GitHub, and…
Open-source intelligence (OSINT) is not only a fascinating activity in its own right but also an essential skill that can be highly valuable in real investigations. Seasoned investigators typically use specialized tools, which we will discuss in…
CONTINUE READING 🡒 
Self-defense for hackers. Detecting attacks in Active Directory
This article explains how to find out that a hacker is operating in your domain, how to automate the detection process, and how to repel attacks in Active Directory.
CONTINUE READING 🡒 
How to Collect Telegram Chat Member Names for Data Analysis
Recently, I delved into the fascinating world of parsing Telegram chats and was surprised by how many repetitive questions people have, the lack of understanding among those who need parsing, and the number of scams and abuses…
CONTINUE READING 🡒 
OAuth from top to bottom. Vulnerability chains and authentication attacks
This article discusses OAuth misconfigs. Normally, most of them are harmless, but under certain conditions, such misconfigs can entail severe consequences, including hacked admin accounts. Today you will learn how to search for vulnerability chains in OAuth.
CONTINUE READING 🡒 
Testing Telegram Bots: How They Search for Personal Data
Recent findings have sparked unprecedented public interest in the shadow business related to data brokering services. It's no secret that almost any information can be bought and sold, but there are claims that some details can be…
CONTINUE READING 🡒