Attacks… Exploiting F5 Big IP Vulnerability | CVE-2020-5902 8 Jul 202024 Jul 2020 CVE-2020-5902 is a critical remote code execution vulnerability in the configuration interface (aka Traffic Management User Interface – TMUI) of BIG-IP devices used by some of the world’s biggest companies.…
#Metasploit… Windows Takeover with a PDF File 18 Jun 202024 Jul 2020 There are multiple ways to exploit and take over a Windows machine, today we will look at doing this with a PDF file containing a virus. For this you will…
Attacks… Discover & Attack Raspberry Pi’s on a Network 16 Jun 202024 Jul 2020 Many people never bother to change their default password on their devices. For a Raspberry Pi, this can leave it extremely vulnerable. Today, we will be looking at a little…
#career… Regex Cheat Sheet 9 Feb 202011 Feb 2020 A regular expression, regex or regexp is a sequence of characters that define a search pattern. Usually such patterns are used by string searching algorithms for "find" or "find and…
#Metasploit… Heartbleed Discovery and Exploit 1 Feb 202018 Jun 2020 Heartbleed is a security bug in the OpenSSL cryptography library, which is a widely used implementation of the Transport Layer Security protocol. It was introduced into the software in 2012…
AppSec… Gaining Root From a Buffer Overflow Vulnerability 9 Dec 201924 Jul 2020 Buffer overflow flaws can be present in both the web server and application server products that serve the static and dynamic portions of a site, or in the web application…
#career… PenTesting: Gaining Root Privileges on Kioptrix 6 Dec 201924 Jul 2020 Kioptrix is a Capture The Flag style VulnHub VM and the aim of the game is to gain root privileges. We will be using Kali Linux in this post so…
#Metasploit… Write an IMAP Fuzzing Tool 3 Dec 201924 Jul 2020 Picture this scenario. During a host reconnaissance session we discovered an IMAP Mail server which is known to be vulnerable to a buffer overflow attack (Surgemail 3.8k4-4). We found an…
AppSec… First Stack Buffer Overflow to modify Variable 30 Nov 201924 Jul 2020 Stack0: https://exploit.education/protostar/s... Intel Reference: intel.de/content/dam/www/public/us/en/documents/manuals/64-ia-32-architectures-software-developer-instruction-set-reference-manual-325383.pdf
#Metasploit… Gaining Access to Windows10 Through VLC Exploit 14 Nov 201924 Jul 2020 VLC is a free and open source cross-platform multimedia player and framework that plays most multimedia files as well as DVDs, Audio CDs, VCDs, and various streaming protocols. Today we…
Attacks… Crack WPA Handshake using Aircrack with Kali Linux 29 Oct 201924 Jul 2020 Today's tutorial will be looking into how you can crack the password of the 4 way handshake of someone that is re-authenticating themselves to a wireless router. The goal is…
AppSec… XML External Entity (XXE) Vulnerability 14 Oct 20199 Mar 2020 According to OWASP, an XML External Entity attack is a type of attack against an application that parses XML input. This attack occurs when XML input containing a reference to…
#Metasploit… BlueKeep – Exploit Windows (RDP Vulnerability) Remotely 10 Oct 201924 Jul 2020 Remote desktop protocol (RDP) is a secure network communications protocol designed for remote management, as well as for remote access to virtual desktops, applications and an RDP terminal server. RDP…
Attacks… Reverse Engineering Router Firmware 3 Oct 201924 Jul 2020 Reverse engineering, also called back engineering, is the process by which a man-made object is deconstructed to reveal its designs, architecture, or to extract knowledge from the object; similar to…
Attacks… Create a Backdoor Shell Script in Python 28 Sep 201924 Jul 2020 So we've delved into Python before, but this post should be a bit more interesting. What we will do today is write a backdoor in Python and if you manage…
#Metasploit… Exploiting Routers With Routersploit 26 Sep 201924 Jul 2020 If you have Wi-Fi at home, then you have a router, this is how you get your internet access. Today we will be looking a piece of software that allows…
Attacks… Find Vulnerable Devices On The Internet With Shodan 9 Sep 201924 Jul 2020 Welcome back to LSB and thanks for reading. Today we will be looking at how to search for vulnerable devices around the world using Shodan. Shodan is an index of…
#career… Hacking Android With Metasploit 4 Sep 201924 Jul 2020 Good morning/evening/night my fellow hackers, today's lesson is on Metasploit and how we can hack Android with a Metasploit payload. So let's get started!! As always, this post is for…
#career… Set up some Honeypots and a Threat Map 2 Sep 201924 Jul 2020 Welcome back my fellow ethical hackers. Remember, the contents in this post is for educational purposes and should only be used for ethical reasons, so with that caveat, let's get…
AppSec… Write a Ping Sweeper in 4 Lines of Bash 21 Aug 201924 Jul 2020 What we will do today is write a script that will ping a certain IP range and tell us which IP's respond to our ICMP requests. In other words we…
AppSec… Set Up A Penetration Testing Lab Easily With Vagrant 30 May 201924 Jul 2020 Today we will be looking at a neat little command line tool called Vagrant. This tool allows us to deploy virtual machines seamlessly and we are going to show you…
AppSec… Enabling Monitor Mode & Packet Injection on the Raspberry Pi 20 May 201924 Jul 2020 By Kodyhttps://null-byte.wonderhowto.com/how-to/enable-monitor-mode-packet-injection-raspberry-pi-0189378/The Raspberry Pi Zero W and Pi 3 Model B+ include integrated Wi-Fi, Bluetooth Low Energy, and more than enough power to run Kali Linux. They sound like perfect…
#career… OWASP A2: Broken Authentication and Session Management Cause and Prevention 12 May 201924 Jul 2020 Threat Agents Attack Vectors Security Weakness Technical Impacts Business Impacts Application Specific Exploitability AVERAGE Prevalence WIDESPREAD Detectability AVERAGE Impact SEVERE Application / Business Specific Consider anonymous external attackers, as well…
AppSec… New Exploits for Insecure SAP Systems 6 May 201924 Jul 2020 Summary The Cybersecurity and Infrastructure Security Agency (CISA) is issuing this activity alert in response to recently disclosed exploits that target insecure configurations of SAP components. Technical Details A presentation…
#career… Malware Analysis With Valkyrie 22 Apr 201924 Jul 2020 Valkyrie is a malware analysis tool that's free for you for a year to try out. You can visit https://valkyrie.comodo.com to sign up. Once you sign up you will presented…
AppSec… Emotet The Banking Trojan 11 Apr 201924 Jul 2020 Emotet is a kind of malware originally designed as a banking Trojan aimed at stealing financial data, but it’s evolved to become a major threat to users everywhere. Let’s talk…
#career… Create An SQL Backdoor 7 Apr 20197 Apr 2019 SQL Malware affects a variety of database-driven applications, including but not limited to web applications, services, and desktop applications. This breed of malware is made possible by the SQL functionality for triggers and stored sub-procedures. Notice: SQL malware persists beyond deletion of rows…
#Metasploit… NetBIOS Auxiliary Modules 26 Mar 201924 Jul 2020 Full article: https://www.offensive-security.com/metasploit-unleashed/scanner-netbios-auxiliary-modules/ nbname The nbname auxiliary module scans a range of hosts and determines their hostnames via NetBIOS. msf > use auxiliary/scanner/netbios/nbname msf auxiliary(nbname) > show options Module options (auxiliary/scanner/netbios/nbname): Name…
AppSec… SMB Exploited 14 Mar 201924 Jul 2020 Server Message Block (SMB) is the transport protocol used by Windows machines for a wide variety of purposes such as file sharing, printer sharing, and access to remote Windows services.…
AppSec… Ghidra – First impressions of the NSA Reverse Engineering Tool 13 Mar 201924 Jul 2020 Ghidra is a reverse engineering tool, written in Java, that was recently open-sourced by the National Security Agency (NSA). You can find the Github page here and the download link…
AppSec… Exploiting XXE Vulnerabilities 5 Mar 201924 Jul 2020 By Chris Davis XXE (XML External Entity) attacks happen when an XML parser improperly processes input from a user that contains an external entity declaration in the doctype of an…
AppSec… CSRF Code Examples and Defense 3 Mar 201924 Jul 2020 CSRF is an attack that tricks the victim into submitting a malicious request. It inherits the identity and privileges of the victim to perform an undesired function on the victim's…
AppSec… VFEmail Suffers ‘Catastrophic’ Hack 13 Feb 2019 Email company VFEmail suffered what they call a "catastrophic" hack that destroyed their primary and backup data for the U.S. The firm’s founder says he now fears some 18 years’…
AppSec… Create a Backdoor with Cryptcat 23 Dec 2018 In this tutorial, I'll introduce you to netcat's popular cousin, cryptcat (she's actually much cuter and more exotic than the plain netcat). Cryptcat enables us to communicate between two systems and encrypts…
Attacks… 500 Million Marriott Guest Records Stolen 30 Nov 20188 Dec 2018 The world's biggest hotel chain Marriott International today disclosed that unknown hackers compromised guest reservation database its subsidiary Starwood hotels and walked away with personal details of about 500 million…
AppSec… SQL Injection Attacks 20 Nov 2018 A customer asked that we check out his intranet site, which was used by the company's employees and customers. This was part of a larger security review, and though we'd…
#Metasploit… Payload in PDF 12 Nov 2018 Infected PDFs have always been a privileged way to infect users because this document format is very common and used by almost everyone. Moreover, it exists many ways to exploit Acrobat Reader…
#career… Now Is The Time, Linux is the Direction 11 Nov 201824 Jan 2019 Your future matters to us @ LSB, so get into Linux and see the new world it will open for you. Created by QuBits 2018-11-11
AppSec… OWASP Security Shepherd- Session Management Challenge One – Solution – LSB 12 Oct 201812 Oct 2018 We have another solution in the OWASP Security Shepherd challenges and we enjoyed completing this one. You can find out about Session Management from OWASP here. So let's get on…
AppSec… Penetration Testing – Complete Guide 10 Oct 201810 Dec 2018 What is Penetration Testing? It’s the process to identify security vulnerabilities in an application by evaluating the system or network with various malicious techniques. The weak points of a system…
Attacks… The Evil Twin Attack 8 Oct 201829 Oct 2019 I searched through many guides, and none of them really gave good description of how to do this. There’s a lot of software out there (such as SEToolkit, which can…
AppSec… OWASP Security Shepherd – Failure To Restrict Access Solution – LSB 27 Sep 201827 May 2019 Am I Vulnerable To 'Failure to Restrict URL Access'? The best way to find out if an application has failed to properly restrict URL access is to verify every page. Consider for…
