Today in our collection of curiosities, we have an intriguing specimen: an operating system written entirely in pure assembly language. With its drivers, graphical interface, and dozens of pre-installed programs and games, it takes up less than…
Category: Security
Effective Erasure: Ensuring Fast and Irrevocable Data Destruction
Destroying evidence and covering tracks is typically reserved for the less law-abiding individuals. However, today we’ll discuss how to securely erase data from various devices when you plan to sell, give away, or simply dispose of a disk, phone, or computer.
Essential Tools for Software Reverse Engineering and Cracking
Every reverse engineer, malware analyst, and researcher eventually develops a personal toolkit of utilities they regularly use for analysis, unpacking, or cracking. In this review, I will share my own version. This will be useful for anyone who hasn’t yet compiled their own…
You won’t escape! Hijacking user sessions in Windows
How often do you encounter a much-desired domain admin session on an outdated Windows 7 workstation? In the hands of a hacker pentester, this admin account is a ‘master key’ that can unlock the entire network. But imagine that an evil antivirus prevents you…
Hijacking COM. Abusing COM classes to hijack user sessions
As you are likely aware, Windows assigns a unique session to each user logging into the system. And if somebody logs into an already hacked device, you can hijack that person’s session. This article discusses a promising privilege escalation technique: the attacker steals users’…
Anger management. Welcome to Angr, a symbolic emulation framework
Angr is an unbelievably powerful emulator. This cross-platform tool supports all the most popular architectures; using it, you can search for vulnerabilities both in PE32 on Linux and in router firmware on Windows. Let’s examine this binary analysis framework in more detail using Linux…
Partying by the pool. Mastering PoolParty process injection techniques
PoolParty is a new type of injection into legitimate processes that abuses Windows Thread Pools, a sophisticated thread management mechanism. Let’s dissect Windows Thread Pools to find out how they can be used for pentesting purposes.
OAuth from top to bottom. Examining protocol features and basic…
Most modern websites have an authentication form, and in its lower part you can often see buttons enabling you to sign in via various social networks. This login mechanism is based on the OAuth protocol, and today you’ll learn its structure and main vulnerabilities. At the…
Self-defense for hackers. Catching intruders at the network level
This article presents a number of simple but effective computer self-defense techniques that will help you to detect hackers who have penetrated into your local network. You will learn to identify penetration traces and catch intruders using special scripts. Let’s start with…
Multistep SQL injection attacks: Operating principle and impact
SQL injections (SQLi) are among the most popular vulnerabilities in the pentesting community. Too bad, such attacks are increasingly rare nowadays since modern security tools easily detect them. By contrast, an injection triggered when data transfer occurs between services is much…
Victory over “bads”: using Victoria to recover data and reset…
Recovering deleted files is not a problem; there are dozens of utilities for this. But what if the drive is damaged, has an erroneous geometry description, or is password protected at the controller level? Then the Victoria utility comes to the rescue. It is written in assembler, takes up…
We cover our tracks. How to make Windows forget everything
Lists of open files and USB devices, browser history, DNS cache – all this helps to find out what the user was doing. We have compiled step-by-step instructions on how to remove traces of your activity in different versions of Windows, Office and popular browsers. At the end…
A darknet trip. Take the greenest places .onion
The word “darknet” has almost become a cliché for everything that is taboo, difficult to access, and potentially dangerous. But what is a real darknet? We’re offering you another study sharing everything we’ve been able to dig up lately. This time – with…
Bring Your Own Vulnerable Driver! Meet BYOVD – one of…
Many notorious hacker groups (e.g. North Korea’s Lazarus) use the BYOVD attack to gain access to kernel space and implement complex advanced persistent threats (APTs). The same technique is employed by the creators of the Terminator tool and various encryptor operators. This paper discusses BYOVD operating…
IP cameras in pentesting. Improper use of security cameras
In the course of a pentesting audit, you can capture an image from a security camera and attach it to your report – just to please the customer. No doubt, such pictures are impressive, but what can be the real impact of attacks targeting cameras? Today I will…
In the footsteps of Phrack. Searching for LKM rootkits in…
A long time ago, in the early days of my journey to Linux kernel rootkits, I came across a Phrack article describing a rootkit detection technique implemented for i386. The article wasn’t new and referred to a vintage Linux kernel dated 2003. Something in that paper…
Threadless Injection. Injecting shellcode into third-party processes to circumvent EDR
This article discusses Threadless Injection: a technique for injecting code into third-party processes. At the time of writing, it worked effectively on Windows 11 23H2 x64 running on a virtual machine isolated from the network with OS security features enabled.
Kali Ashes: Hardening hacker distribution and mastering silent pentesting techniques
Kali Linux is extremely popular among pentesters. However, if you penetrate a network using this distribution’s default settings, it creates a lot of noise on the air, which won’t go unnoticed. This article discusses Kali hardening and explains how to make Linux as…
Process Ghosting. Circumvent antiviruses in the most dangerous way
One of the main priorities for hackers is to hide the execution of their malicious code. This article explains how to start processes using the Process Ghosting technique and discusses operation principles of malware detection systems.
Tunnels Nightmare: ISP protocols expand your pivoting capacity
The modern TCP/IP protocol stack includes plenty of tunneling protocols. Normally, they are used to expand production networks and build infrastructure. But in this research, I will use them as pentesting tools.