In this article, I will demonstrate how to progress from a beginner to a fully functional Active Directory domain controller administrator. We'll use a virtual machine available for hacking on the HackTheBox CTF platform as our guide.…
Category: Security
Introduction to Hacking: Authentication Testing and Basic Security Exploits
Fifteen years ago, Chris Kaspersky's epic work "Fundamental Principles of Hacking" was the go-to guide for every budding computer security researcher. The editors of "Hacker" have taken on the challenge of updating this substantial work, bringing it…
Advanced OSINT Techniques: Exploring Modern Network Intelligence Methods
What do competitive intelligence, penetration testing, and cyber incident investigations have in common? They all involve information gathering, primarily from open sources. But what do you do when the data you find isn't enough, and your usual…
Mastering the Terminal: Essential Tips to Become a Console Guru
Any Unix enthusiast who has spent a couple of hours learning basic commands and bash syntax knows that the command line is an incredibly handy tool. However, not everyone realizes just how powerful the console can actually…
Understanding and Hacking BitLocker: Exploring Windows Disk Encryption and Its…
The BitLocker encryption technology was first introduced ten years ago and has evolved with each new version of Windows. However, not all changes have been aimed at increasing cryptographic strength. In this article, we will take an…
Cyber Intelligence Tools: Extracting Data from Instagram, Telegram, GitHub, and…
Open-source intelligence (OSINT) is not only a fascinating activity in its own right but also an essential skill that can be highly valuable in real investigations. Seasoned investigators typically use specialized tools, which we will discuss in…
Self-defense for hackers. Detecting attacks in Active Directory
This article explains how to find out that a hacker is operating in your domain, how to automate the detection process, and how to repel attacks in Active Directory.
How to Collect Telegram Chat Member Names for Data Analysis
Recently, I delved into the fascinating world of parsing Telegram chats and was surprised by how many repetitive questions people have, the lack of understanding among those who need parsing, and the number of scams and abuses…
OAuth from top to bottom. Vulnerability chains and authentication attacks
This article discusses OAuth misconfigs. Normally, most of them are harmless, but under certain conditions, such misconfigs can entail severe consequences, including hacked admin accounts. Today you will learn how to search for vulnerability chains in OAuth.
Testing Telegram Bots: How They Search for Personal Data
Recent findings have sparked unprecedented public interest in the shadow business related to data brokering services. It's no secret that almost any information can be bought and sold, but there are claims that some details can be…
Effective Free OSINT Tools for Investigation and Competitive Intelligence
Bribing a bank employee to obtain necessary information is clearly unethical. However, gathering information from publicly available sources is still permissible. Today, we will explore a couple dozen services that allow you to collect information about a…
De-anonymizing Telegram: Finding User and Channel Information from Open Sources
Telegram may appear anonymous, but in reality, there are numerous methods and tools for de-anonymizing its users, which is what this article will discuss. We will delve into trap bots, the use of specialized services, and other…
Alternative Firmware Options for Flipper Zero: Choosing the Right Upgrade
Flipper Zero is a "hacker multitool" that you have likely heard about. You might even have managed to get your hands on one and have some fun with it. In this article, we'll discuss firmware options that…
Building Your Own Laptop: Selecting Parts for a High-Performance Custom…
You’ve decided to buy a high-performance laptop, but you’re discouraged by the prices — the combination of power and portability comes at a steep cost. In this article, I’ll explain how to build a portable laptop using standard desktop components, and highlight the advantages of this approach. I’ve named my creation…
Tiny Hummingbird: Exploring an Entirely Assembly Language Operating System
Today in our collection of curiosities, we have an intriguing specimen: an operating system written entirely in pure assembly language. With its drivers, graphical interface, and dozens of pre-installed programs and games, it takes up less than…
Effective Erasure: Ensuring Fast and Irrevocable Data Destruction
Destroying evidence and covering tracks is typically reserved for the less law-abiding individuals. However, today we’ll discuss how to securely erase data from various devices when you plan to sell, give away, or simply dispose of a disk, phone, or computer.
Essential Tools for Software Reverse Engineering and Cracking
Every reverse engineer, malware analyst, and researcher eventually develops a personal toolkit of utilities they regularly use for analysis, unpacking, or cracking. In this review, I will share my own version. This will be useful for anyone who hasn’t yet compiled their own…
You won’t escape! Hijacking user sessions in Windows
How often do you encounter a much-desired domain admin session on an outdated Windows 7 workstation? In the hands of a hacker pentester, this admin account is a ‘master key’ that can unlock the entire network. But imagine that an evil antivirus prevents you…
Hijacking COM. Abusing COM classes to hijack user sessions
As you are likely aware, Windows assigns a unique session to each user logging into the system. And if somebody logs into an already hacked device, you can hijack that person’s session. This article discusses a promising privilege escalation technique: the attacker steals users’…
Anger management. Welcome to Angr, a symbolic emulation framework
Angr is an unbelievably powerful emulator. This cross-platform tool supports all the most popular architectures; using it, you can search for vulnerabilities both in PE32 on Linux and in router firmware on Windows. Let’s examine this binary analysis framework in more detail using Linux…