• News
  • Mobile
  • Security
  • Malware
  • Coding
  • Unix
  • DevOps
  • Log In
  • Sign Up
  • No bullshit
  • Cookie Policy
  • Privacy Policy
Log In / Sign Up

Category: Security

Top 5 Ways to Use a VPN for Enhanced Online Privacy and Security
Security

Top 5 Ways to Use a VPN for Enhanced Online…

22.01.2023Duygu Demiroz800
This is an external third-party advertising publication.
CONTINUE READING 🡒
Challenge the Keemaker! How to bypass antiviruses and inject shellcode into KeePass memory
Coding Security

Challenge the Keemaker! How to bypass antiviruses and inject shellcode…

03.06.202217/04/2025snovvcrash880
Recently, I was involved with a challenging pentesting project. Using the KeeThief utility from GhostPack, I tried to extract the master password for the open-source KeePass database from the process memory. Too bad, EDR was monitoring the system and prevented me from doing this: after…
CONTINUE READING 🡒
Vulnerable Java. Hacking Java bytecode encryption
Security

Vulnerable Java. Hacking Java bytecode encryption

03.06.202208/04/2025JaboHack820
Java code is not as simple as it seems. At first glance, hacking a Java app looks like an easy task due to a large number of available decompilers. But if the code is protected by bytecode encryption, the problem becomes much more complicated. In this article,…
CONTINUE READING 🡒
Climb the heap! Exploiting heap allocation problems
Security

Climb the heap! Exploiting heap allocation problems

02.06.202217/04/2025Viacheslav Moskvin760
Some vulnerabilities originate from errors in the management of memory allocated on a heap. Exploitation of such weak spots is more complicated compared to ‘regular’ stack overflow; so, many hackers security researchers have no idea how to approach them. Even the Cracking the Perimeter (OSCE) course doesn’t…
CONTINUE READING 🡒
Quarrel on the heap. Heap exploitation on a vulnerable SOAP server in Linux
Security

Quarrel on the heap. Heap exploitation on a vulnerable SOAP…

01.06.202208/04/2025Marsel Shagiev460
This paper discusses a challenging CTF-like task. Your goal is to get remote code execution on a SOAP server. All exploitation primitives are involved with the heap in one way or another; so, you’ll learn a lot about functions interacting with it. Also, you’ll…
CONTINUE READING 🡒
Routing nightmare. How to pentest OSPF and EIGRP dynamic routing protocols
Security

Routing nightmare. How to pentest OSPF and EIGRP dynamic routing…

01.06.202208/04/2025necreas1ng660
The magic and charm of dynamic routing protocols can be deceptive: admins trust them implicitly and often forget to properly configure security systems embedded in these protocols. In this article, I will explain what nightmares can occur if the network admin doesn’t take a good care…
CONTINUE READING 🡒
First contact. Attacks on chip-based cards
Security

First contact. Attacks on chip-based cards

01.06.202208/04/2025Timur Yunusov730
Virtually all modern bank cards are equipped with a special chip that stores data required to make payments. This article discusses fraud techniques used to compromise such cards and methods used by banks to protect cardholders against attackers.
CONTINUE READING 🡒
Log4HELL! Everything you must know about Log4Shell
Security

Log4HELL! Everything you must know about Log4Shell

01.06.202208/04/2025aLLy780
Up until recently, just a few people (aside from specialists) were aware of the Log4j logging utility. However, a vulnerability found in this library attracted to it a great attention from researches nowadays. Let’s take a closer look at the origin and operation mechanism of this bug…
CONTINUE READING 🡒
WinAFL in practice. Using fuzzer to identify security holes in software
Security

WinAFL in practice. Using fuzzer to identify security holes in…

01.06.202208/04/2025Viacheslav Moskvin2740
WinAFL is a fork of the renowned AFL fuzzer developed to fuzz closed-source programs on Windows systems. All aspects of WinAFL operation are described in the official documentation, but its practical use – from downloading to successful fuzzing and first crashes – is not that simple.
CONTINUE READING 🡒
Cybercrime story. Analyzing Plaso timelines with Timesketch
Security

Cybercrime story. Analyzing Plaso timelines with Timesketch

01.06.202208/04/2025sUzU1672
When you investigate an incident, it’s critical to establish the exact time of the attack and method used to compromise the system. This enables you to track the entire chain of operations performed by the malefactor. Today, I will show how to do this using the Timesketch tool.
CONTINUE READING 🡒
F#ck AMSI! How to bypass Antimalware Scan Interface and infect Windows
Security

F#ck AMSI! How to bypass Antimalware Scan Interface and infect…

01.06.202208/04/2025be_a_saint990
Is the phrase “This script contains malicious content and has been blocked by your antivirus software” familiar to you? It’s generated by Antimalware Scan Interface (AMSI), a protection mechanism embedded in Windows 10 that blocks the execution of malicious scripts. But can AMSI be bypassed?…
CONTINUE READING 🡒
Fastest shot. Optimizing Blind SQL injection
Security

Fastest shot. Optimizing Blind SQL injection

04.04.202208/04/2025Pavel Sorokin680
Being employed with BI.ZONE, I have to exploit Blind SQL injection vulnerabilities on a regular basis. In fact, I encounter Blind-based cases even more frequently than Union- or Error-based ones. But how to raise the efficiency of such attack? This article provides an overview of approaches…
CONTINUE READING 🡒
Elephants and their vulnerabilities. Most epic CVEs in PostgreSQL
Security

Elephants and their vulnerabilities. Most epic CVEs in PostgreSQL

04.04.202208/04/2025Andrey Borodin610
Once a quarter, PostgreSQL publishes minor releases containing vulnerabilities. Sometimes, such bugs make it possible to make an unprivileged user a local king superuser. To fix them, Postgres DBAs release patches simultaneously with the updates and sleep peacefully. However, many forks share a large codebase…
CONTINUE READING 🡒
Timeline of everything. Collecting system events with Plaso
Security

Timeline of everything. Collecting system events with Plaso

16.02.202208/04/2025sUzU2550
As you are likely aware, forensic analysis tools quickly become obsolete, while hackers continuously invent new techniques enabling them to cover tracks! As a result, valiant DFIR (Digital Forensics and Incident Response) fighters suffer fiascoes on a regular basis. So, I…
CONTINUE READING 🡒
First contact: How hackers steal money from bank cards
Security

First contact: How hackers steal money from bank cards

15.02.202215/02/2022Timur Yunusov751
Network fraudsters and carders continuously invent new ways to steal money from cardholders and card accounts. This article discusses techniques used by criminals to bypass security systems protecting bank cards.
CONTINUE READING 🡒
F#ck da Antivirus! How to bypass antiviruses during pentest
Security

F#ck da Antivirus! How to bypass antiviruses during pentest

09.02.202208/04/2025s0i37970
Antiviruses are extremely useful tools – but not in situations when you need to remain unnoticed on an attacked network. Today, I will explain how to fool antivirus programs and avoid detection in compromised systems during penetration testing.
CONTINUE READING 🡒
First contact: An introduction to credit card security
Security

First contact: An introduction to credit card security

09.02.202208/04/2025Timur Yunusov650
I bet you have several cards issued by international payment systems (e.g. Visa or MasterCard) in your wallet. Do you know what algorithms are used in these cards? How secure are your payments? People pay with such cards every day…
CONTINUE READING 🡒
Step by Step. Automating multistep attacks in Burp Suite
Security

Step by Step. Automating multistep attacks in Burp Suite

13.01.202217/04/2025empty.jack804
When you attack a web app, you sometimes have to perform a certain sequence of actions multiple times (e.g. brute-force a password or the second authentication factor, repeatedly use the same resource, etc.). There are plenty of tools designed for this purpose. Which one to choose…
CONTINUE READING 🡒
Post-quantum VPN. Understanding quantum computers and installing OpenVPN to protect them against future threats
Security

Post-quantum VPN. Understanding quantum computers and installing OpenVPN to protect…

12.01.202208/04/2025Andrey Parkhomenko800
Quantum computers have been widely discussed since the 1980s. Even though very few people have dealt with them by now, such devices steadily become a harsh reality threatening traditional cryptography. In response to this threat, computer engineers have developed post-quantum encryption…
CONTINUE READING 🡒
First contact. Attacks against contactless cards
Security

First contact. Attacks against contactless cards

12.01.202208/04/2025Timur Yunusov950
Contactless payment cards are very convenient: you just tap the terminal with your card, and a few seconds later, your phone rings indicating that the transaction is completed. But this convenience has a downside: malefactors can steal money from such cards. This…
CONTINUE READING 🡒
« Previous 1 2 3 … 6 7 8 9 10 11 12 13 14 15 Next »
  • No bullshit
  • Cookie Policy
  • Privacy Policy
HackMag — Top-notch cybersecurity magazine © 2025
Support:support@hackmag.com