AppSec… Stealing Signal Conversations from a MacBook 27 May 2018 Developed by Open Whisper Systems, Signal is a free, open-source encrypted communications app for both mobile and desktop devices that allows users to make voice calls, send instant messages, and even make…
AppSec… Setting Up A Snort IDS on Debian Linux 24 May 2018 Malicious network traffic (such as worms, hacking attempts, etc.) has certain patterns to it. You could monitor your network traffic with a sniffer and look for this malicious traffic manually…
AppSec… Password cracking with John the Ripper 24 May 201824 May 2018 Introduction For those of you who haven't yet heard about John the Ripper (hereby called John for brevity), it is a free password cracking tool written mostly in C. Before…
#career… Hackers Handbook In PDF Format – Full 5 Apr 20185 Apr 2018 Whether you are a security professional, student or just curious about application security, there is an amazing resource online that you can read and is an essential tool in the…
Attacks… Removing Chrome Adware 30 Jan 201830 Jan 2018 Here are couple of suggestions. When I mention commands, those are to be issued in command-line aka terminal , which you can access by pressing CtrlAltT Remove google-chrome related folders,…
#Metasploit… Metasploit for the Aspiring Hacker, Part 4 (Armitage) 13 Jan 201814 Jan 2018 Welcome back, my hacker novitiates! As you know by now, the Metasploit Framework is one of my favorite hacking tools. It is capable of embedding code into a remote system and controlling it, scanning…
Attacks… How to Crack a “Master Lock” Combination Lock 12 Jan 2018 It's funny how they call a "safe" a safe. If you don't know the combination to a Master Lock combination lock, you have a few options. If your lock is…
Attacks… Nmap Scripts for Recon | LSB 5 Dec 20175 Dec 2017 These Nmap NSE Scripts are all included in standard installations of Nmap. Use them to gather additional information on the targets you are scanning. The information can both add context…
Attacks… Metasploit for the Aspiring Ethical Hacker, Part 2 1 Dec 20171 Dec 2017 Part 1 is here: https://linuxsecurityblog.com/2016/03/01/metasploit-for-the-aspiring-ethical-hacker-part-1/ In this second tutorial, we will look at some of the basic commands we can use in Metasploit. Although the Metasploit framework can appear daunting to…
Attacks… Hackers can bypass new protections in MacOS High Sierra 29 Nov 201729 Nov 2017 MacOS High Sierra protections can be bypassed, but will make security researchers and companies work more difficult Hackers can bypass a new security feature in MacOS High Sierra to load…
AppSec… OWASP – A2 – Broken Authentication and Session Management – LSB 24 Nov 2017 Threat Agents Consider anonymous external attackers, as well as users with their own accounts, who may attempt to steal accounts from others. Also consider insiders wanting to disguise their actions.…
AppSec… Exploiting CSRF under NoScript Conditions 22 Nov 201722 Nov 2017 CSRFs -- or Cross-Site Request Forgery vulnerabilities -- occur when a server accepts requests that can be “spoofed” from a site running on a different domain. The attack goes something like this:…
AppSec… On Web Extensions shortcomings and their impact on add-on security 12 Nov 201712 Nov 2017 Recently, I reported a security issue in the new Firefox Screenshots feature (fixed in Firefox 56). This issue is remarkable for a number of reasons. First of all, the vulnerable code was…
Attacks… Set up a Honeypot on AWS 8 Nov 20178 Nov 2017 If you’re aspiring to become a professional in the field of computer security, wish to understand further the current threat landscape or simply want to have a play around with…
Attacks… WAFNinja – Web Application Firewall Attack Tool 7 Nov 20177 Nov 2017 WAFNinja is a Python-based Web Application Firewall Attack Tool designed to help penetration testers execute WAF bypass by automating the steps necessary to bypass input validation. The tool was created…
AppSec… How to Hijack Web Browsers Using BeEF 28 Aug 20177 Nov 2017 Welcome back my fellow hackers! Today we’re going to be introducing a new tool for hacking web browsers. Often times, we will need to exploit a variety of vulnerabilities associated…
AppSec… Security Shepherd Solutions 20 Aug 201728 Aug 2017 The OWASP Security Shepherd project is a web and mobile application security training platform. Security Shepherd has been designed to foster and improve security awareness among a varied skill-set demographic.…
Attacks… Malware Types Explained 15 Aug 201715 Aug 2017 In this article we will be looking at the different kinds of malware and what they do. When performing static or dynamic malware analysis it is crucial to have a…
Android Security… How the CopyCat malware infected Android devices around the world 7 Jul 20177 Jul 2017 Check Point researchers identified a mobile malware that infected 14 million Android devices, rooting approximately 8 million of them, and earning the hackers behind the campaign approximately $1.5 million in…
Attacks… How Shipping Giant Maersk Dealt With a Malware Meltdown, And Other Security News This Week 3 Jul 20173 Jul 2017 WHEN A PIECE of unprecedented malicious software rampages through thousands of critical networks around the world, it tends to get our full attention. And this week's digital plague, known as…
Attacks… Using Appcache and ServiceWorker for Evil 7 Jun 20177 Jun 2017 You’re a bad guy and you just hacked a website. Normally you leak the database and leave. The owner fixes everything next day and removes your backdoor. With Middlekit techniques…
Attacks… Fake Google Docs phishing deluge hits Gmail 4 May 20174 May 2017 A new phishing attack has appeared in inboxes around the world that masquerades as an email contact sharing a Google Doc. The emails appear to originate from a legitimate account,…
Attacks… DDoS Attacks Surge, Organizations Struggle to Respond 3 May 20173 May 2017 Organizations often discover a DDoS attack only after being alerted to the fact by a third-party or customer, Neustar survey shows. Despite heightened awareness of distributed denial-of-service (DDoS) attacks, organizations…
Attacks… Thousands of computers now compromised with leaked NSA tools 27 Apr 201727 Apr 2017 Thousands of Microsoft Windows machines worldwide are infected with an NSA-developed backdoor that hackers installed by reusing leaked executable code from an outdated hacking toolkit belonging to the spy agency, multiple…
Attacks Lizard Squad Taking Over CCTV Devices to Conduct DDoS Attacks 5 Jul 20165 Jul 2016 Lizard Squad hackers have been conducting Distributed Denial of Service (#DDoS) Attacks on banking and government institutions after compromising CCTV devices worldwide! Earlier in two previous incidents, researchers discovered hackers taking…
Attacks Biggest cybersecurity threats in 2016 16 Jun 201616 Jun 2016 Headless worms, machine-to-machine attacks, jailbreaking, ghostware and two-faced malware: The language of cybersecurity incites a level of fear that seems appropriate, given all that's at stake. In the coming year,…
Attacks The buffer overflow 20 Apr 201620 Apr 2016 At its core, the buffer overflow is an astonishingly simple bug that results from a common practice. Computer programs frequently operate on chunks of data that are read from a…
Attacks Angler Malvertising Campaign Hits Top Publishers 30 Mar 201630 Mar 2016 During the past few weeks, malvertising activity was a little bit on the decline, at least within our own telemetry. We were mainly seeing the usual suspects pushing a lot…
Attacks More than 11 Million OpenSSL HTTPS Websites at Risk 1 Mar 20161 Mar 2016 A new deadly security vulnerability has been discovered in OpenSSL that affects more than 11 Million modern websites and e-mail services protected by an ancient, long deprecated transport layer security…
Attacks… Cross Site Scripting Cheat Sheet 23 Feb 201629 Feb 2016 This cheat sheet is for people who already understand the basics of Cross Site Scripting (XSS) attacks but want a deep understanding of the nuances regarding filter evasion. XSS Locator…
Attacks As promised, hacker leaks contact info of FBI employees 13 Feb 201613 Feb 2016 Hacker makes good his promise and leaks contact information of 20000 FBI employees. After releasing stolen records of 9000 employee from Department of Homeland Security, the hacker who goes by…
Attacks… Defending against CSRF Attacks 11 Feb 201611 Feb 2016 Cross-Site Request Forgery, or CSRF for short is a common and regular online attack. CSRF also goes by the acronym XSRF and the phrase “Sea-Surf”. CSRF attacks include a malicious…
Attacks Giant DDoS attacks are now hitting 500Gbps 31 Jan 20161 Feb 2016 Criminals flexing their technical muscles was the biggest motivation last year behind distributed denial-of-service attacks (DDoS), which involve flooding a target's web servers with junk traffic, according to an analysis…
