Sometimes, YARA is called the Swiss Army knife of virus analysts. This tool makes it possible to create a set of rules to detect malicious and potentially dangerous programs quickly and accurately. In this article, I will explain how to write perfect YARA rules so that its engine…
KARMAgeddon. Attacking client devices with Karma
Even if your client device isn't connected to Wi-Fi, it can still be attacked. There is a special category of attacks called Karma that compromise client devices equipped with Wi-Fi modules. This article explains in simple terms how such attacks work.
Brute-force on-the-fly. Attacking wireless networks in a simple and effective…
Attacks on Wi-Fi are extremely diverse: your targets are both client devices and access points which, in turn, can use various protocols and authentication methods. This article presents a simple but effective brute-forcing technique for wireless networks.
Megadrone. Assembling a long-range and jammer-resistant hacker drone
Imagine that you are sitting with your computer on an upper floor of a secure building located in the middle of a restricted zone fenced by electrified barbed wire. You feel completely safe: cameras and vigilant security personnel protect you. As of a…
Poisonous fruit. How to assemble your own Wi-Fi Pineapple and…
In sci-fi movies, hackers often use small pocket devices, smaller than a cellphone, to hack a company's wireless network, gain access to its servers, and steal passwords. This article gives you a chance to become one such hacker; all you need for this…
Invisible device. Penetrating into a local network with an 'undetectable'…
Unauthorized access to someone else’s device can be gained not only through a USB port, but also via an Ethernet connection – after all, Ethernet sockets are so abundant in modern offices and public spaces. In this article, I will explain how to penetrate into…
Evil modem. Establishing a foothold in the attacked system with…
If you have direct access to the target PC, you can create a permanent and continuous communication channel with it. All you need for this is a USB modem that must be slightly modified first. In this article, I will explain in detail how…
Evil Ethernet. BadUSB-ETH attack in detail
If you have a chance to plug a specially crafted device into a USB port of the target computer, you can completely intercept its traffic, collect cookies and passwords, and hack the domain controller. The attack is delivered over Wi-Fi, and this article explains how to implement it.
VERY bad flash drive. BadUSB attack in detail
BadUSB attacks are efficient and deadly. This article explains how to deliver such an attack, describes in detail the preparation of the malicious flash drive required for it, provides the code that must be written to this device, and discusses how to make Windows and Linux users plug your…
Croc-in-the-middle. Using crocodile clips to dump traffic from twisted pair…
Some people say that eavesdropping is bad. But for many security specialists, traffic sniffing is a profession, not a hobby. For some reason, it’s believed that this process requires special expensive equipment, but today, I will show how network traffic…
Cold boot attack. Dumping RAM with a USB flash drive
Even if you make an effort to protect your data, don't attach sheets with passwords to the monitor, encrypt your hard drive, and always lock your computer before leaving it unattended, this doesn't guarantee that your information is safe. Your RAM can…
Sad Guard. Identifying and exploiting vulnerability in AdGuard driver for…
Last year, I discovered a binary bug in the AdGuard driver. Its ID in the National Vulnerability Database is CVE-2022-45770. I was disassembling the ad blocker and found a way to use the identified vulnerability for local privilege escalation. As a bonus, this article gives insight into…
Kung fu enumeration. Data collection in attacked systems
In penetration testing, there's a world of difference between reconnaissance (recon) and data collection (enum). Recon involves passive actions, while enum involves active ones. During recon, you use only open sources (OSINT), and the target system is not affected in any way (i.e. all…
Serpent pyramid. Run malware from the EDR blind spots!
In this article, I’ll show how to modify a standalone Python interpreter so that you can load malicious dependencies directly into memory using the Pyramid tool (not to be confused with the web framework of the same name). Potentially, this enables you to evade…
Attacks on the DHCP protocol: DHCP starvation, DHCP spoofing, and…
Chances are high that you have dealt with DHCP when configuring a router. But are you aware of the risks that arise if this protocol is misconfigured on a company's server? Using its misconfigurations, a hacker can not only disable the DHCP server, but also deliver…
Poisonous spuds. Privilege escalation in AD with RemotePotato0
This article discusses different variations of the NTLM Relay cross-protocol attack delivered using the RemotePotato0 exploit. In addition, you will learn how to hide the signature of an executable file from static analysis.
Infiltration and exfiltration. Data transmission techniques used in pentesting
Imagine a situation: you managed to penetrate the network perimeter and gained access to a server. This server is part of the company's internal network, and, in theory, you could penetrate there as well. Unfortunately, the compromised node is in the DMZ and doesn't have access to the Internet.…
Nightmare Spoofing. Evil Twin attack over dynamic routing
Attacks on dynamic routing domains can wreak havoc on the network since they disrupt the routing process. In this article, I am going to present my own modification of the Evil Twin attack designed to intercept data in OSPF-based networks. I will also demonstrate how…
Herpaderping and Ghosting. Two new ways to hide processes from…
The primary objective of virus writers (as well as pentesters and Red Team members) is to hide their payloads from antiviruses and avoid their detection. Various techniques are used for this purpose. This paper discusses two of them: Herpaderping and Ghosting.