Recently I discovered a new way to implement L2 tunneling against Windows networks. Inspired by the spying penguin concept, I am going to demonstrate a fresh approach to Windows post-exploitation involving a MikroTik Cloud Hosted Router (CHR) that enables you to perform pivoting and provides L2…
JavaScript al dente. Fuzzing JS engines with Fuzzilli
Hey guys! Today, pasta is on the menu! You will learn how to identify vulnerabilities in JavaScript engines using the Fuzzilli fuzzer. After a brief theoretical introduction, you’ll jump directly to practice. Let’s assemble the required tools and start fuzzing.
PACS from a hacker’s perspective. Attacks on RFID-based physical access…
Hacking electronic turnstiles installed at building entrances is a popular trick shown in many movies. This article discusses RFID-based physical access control systems (PACS) and demonstrates how easily the most commonly used identifier, EM4100, can be faked.
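The reason an EM4100 tag is so easy to clone is that it carries nothing but a fixed 40-bit ID wrapped in a 64-bit frame with parity bits: 9 header ones, ten rows of four data bits each followed by an even row-parity bit, four even column-parity bits and a 0 stop bit. The encoder and decoder below are an added example written for this page, not code from the article; the frame layout is the published EM4100 format, while the function names and the sample ID are my own choices.

```python
# Added example: build and parse EM4100 frames to show that the identifier is an
# unauthenticated constant. Anyone who reads the frame once can replay it.

EM4100_HEADER = "1" * 9   # 9 leading ones let the reader synchronise on the tag


def em4100_encode(card_id: int) -> str:
    """Return the 64-bit frame (a '0'/'1' string) a tag emits for a 40-bit ID."""
    if not 0 <= card_id < (1 << 40):
        raise ValueError("EM4100 IDs are 40 bits")
    # The ID is sent as ten 4-bit nibbles, most significant first.
    nibbles = [(card_id >> (4 * (9 - i))) & 0xF for i in range(10)]
    bits = [1] * 9
    col_parity = [0, 0, 0, 0]
    for nib in nibbles:
        row = [(nib >> (3 - j)) & 1 for j in range(4)]
        bits.extend(row)
        bits.append(sum(row) % 2)            # even parity over the row
        for j in range(4):
            col_parity[j] ^= row[j]          # even parity down each column
    bits.extend(col_parity)
    bits.append(0)                           # stop bit
    return "".join(map(str, bits))


def em4100_decode(frame: str):
    """Parse one 64-bit frame. Return the 40-bit ID, or None if header,
    parity or stop bit do not check out."""
    if len(frame) != 64 or set(frame) - {"0", "1"}:
        return None
    if frame[:9] != EM4100_HEADER or frame[63] != "0":
        return None
    bits = [int(c) for c in frame]
    col_parity = [0, 0, 0, 0]
    card_id = 0
    pos = 9
    for _ in range(10):
        row = bits[pos:pos + 4]
        if sum(row) % 2 != bits[pos + 4]:
            return None                      # row parity mismatch
        for j in range(4):
            col_parity[j] ^= row[j]
        nib = (row[0] << 3) | (row[1] << 2) | (row[2] << 1) | row[3]
        card_id = (card_id << 4) | nib
        pos += 5
    if bits[59:63] != col_parity:
        return None                          # column parity mismatch
    return card_id


def em4100_find(stream: str):
    """A tag repeats its frame endlessly and the reader starts listening at an
    arbitrary point. Slide a 64-bit window over the raw demodulated bit stream
    until a frame validates; return (offset, id) or None. The 9-bit header is
    unique in the frame, so only the correctly aligned window decodes."""
    for off in range(len(stream) - 63):
        cid = em4100_decode(stream[off:off + 64])
        if cid is not None:
            return off, cid
    return None


if __name__ == "__main__":
    # Constructed sample ID (not a real card) and a capture that begins mid-frame.
    sample_id = 0x1234567890
    frame = em4100_encode(sample_id)
    capture = frame[20:] + frame + frame[:20]
    print(frame)
    print(em4100_find(capture))
```

Everything a reader needs to accept the tag is in the frame itself; a cloner only has to capture 64 bits and replay them with the same Manchester timing. That is the whole "security" of the EM4100, which is why the article can fake it so easily.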
Gain sight of a remote network! Reconstructing the connection diagram…
To understand how network protocols operate and what they do, you have to understand their structure. The purpose of this study was to analyze a small portion of network traffic and reconstruct the network diagram from the data extracted from it.
Virtual magic. Emulation and virtualization technologies in pivoting
When you conduct pentesting audits, you rarely enjoy such luxuries as admin or root privileges. Quite the opposite: in most situations you have to deal with antiviruses and firewalls that make it almost impossible to deliver an attack. Fortunately, emulation and virtualization magic comes…
Blinding Sysmon: How to disable Windows monitoring in a covert…
Immediately after getting access to the target system, the attacker tries to blind its audit tools to remain undetected as long as possible. In this article, I will explain how to blind Sysmon in a covert way, making it possible to fool standard Windows auditing.…
Liquid Chrome. ‘Use After Free’ bug in the Blink engine
In January 2021, Google released a new version of its Chrome browser that fixed 16 vulnerabilities in total. Using one of them as an example, let’s find out how such bugs occur and examine the exploitation techniques that enable hackers to attack computers…
Penguin’s secrets: Evidence collection in Linux
Hey, bro, are you aware that Windows is dead? Everyone is switching to free software nowadays. You’re a hacker security guy, right? So, your job is to ensure security. And here’s an interesting case to be investigated: a Linux computer and an incident that occurred on it.…
Your guide to NTLM relay, Part 2: Delivering relay attacks
NTLM relay attacks aren’t new to pentesters. In most cases, the main prerequisite for a successful relay attack isn’t a vulnerability, but an infrastructure misconfiguration; this is why such attacks are often used in real-life situations. This article discusses relay attacks and techniques used to deliver them…
Your guide to NTLM relay: Hijacking NTLM authentication to deliver…
Why is NTLM authentication still present in many infrastructures? The correct answer is: because Windows cannot exist without it. But NTLM authentication is marred by a number of problems that can be exploited by attackers. One such problem is its vulnerability to relay attacks. This article…
Flaying three-headed sheep. How to dump Kerberos tickets in C++
Kerberos offers plenty of user authentication features. Its basic building blocks are tickets; in the course of a penetration test, the attacker dumps such tickets from LSASS process memory at least once. Today, I will explain how this operation can be performed without sophisticated hacker…
Goodbye Mimikatz! Inject tickets with your own hands
To implement a number of pass-the-ticket attacks, you have to inject a Kerberos ticket into the compromised system. Such tools as Mimikatz, Impacket, or Rubeus can be used for this purpose, but antivirus products detect them easily, which makes this approach ineffective. In this…
Privileger: Now you’re in control of privileges in Windows
In Windows, privileges play a key role: only the admin has the authority to grant special rights to users so that they can perform their tasks. This article discusses a software tool called Privileger: it enables you to search the system for accounts with certain…
Insecurity provider. How Windows leaks user passwords
In Windows, most security mechanisms are based on user account passwords. Today, you will learn several techniques making it possible to intercept a password at the time of user authentication and write code that automates this process.
Malformed ELFs. How to make executable Linux files debug-resistant
Plenty of anti-debugging techniques are available nowadays, but one of them stands out. Its main principle is not to detect a debugger, but to prevent the app from running inside one at all. This article explains how such a goal can be achieved using parser differentials and fuzzing. You will…
YARA to the maximum. Learn to write effective YARA rules…
YARA is sometimes called the Swiss Army knife of malware analysts. This tool makes it possible to create a set of rules to detect malicious and potentially dangerous programs quickly and accurately. In this article, I will explain how to write perfect YARA rules so that its engine…
KARMAgeddon. Attacking client devices with Karma
Even if your client device isn’t connected to Wi-Fi, it can still be attacked. A special category of attacks, called Karma, compromises client devices equipped with Wi-Fi modules. This article explains in simple terms how such attacks work.
Brute-force on-the-fly. Attacking wireless networks in a simple and effective…
Attacks on Wi-Fi are extremely diverse: your targets are both client devices and access points, which in turn can use various protocols and authentication methods. This article presents a simple but effective brute-forcing technique for wireless networks.
Megadrone. Assembling a long-range and jammer-resistant hacker drone
Imagine that you are sitting with your computer on an upper floor of a secure building located in the middle of a restricted zone fenced by electrified barbed wire. You feel completely safe: cameras and vigilant security personnel protect you. As of a…