AppSec… | OWASP Security Shepherd – Insecure Cryptographic Storage Challenge 1 Solution – LSB | 21 Sep 2018
Thanks for visiting and today we have another OWASP Security Shepherd Solution for you. This time it's the Insecure Cryptographic Storage Challenge. Cryptography is usually the safest way to communicate…

AppSec… | OWASP Security Shepherd – SQL Injection Solution – LSB | 15 Sep 2018 / 19 Sep 2019
A SQL injection attack consists of insertion or "injection" of a SQL query via the input data from the client to the application. A successful SQL injection exploit can read sensitive data…

AppSec… | Create a Persistent Back Door with Kali, Netcat and Weevely | 13 Sep 2018 / 15 Aug 2020
This post will dive into how we can take advantage of a vulnerability in a web application to gain access and upload a backdoor that we can connect to in…

AppSec… | OWASP Security Shepherd – Cross Site Scripting One Solution – LSB | 12 Sep 2018
Welcome back to LSB my budding hackers. Today's lesson is about Cross Site Scripting (or XSS). Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected…

AppSec… | OWASP Security Shepherd – Insecure Direct Object Reference Solution – LSB | 10 Sep 2018
Welcome back to the Security Shepherd solutions from LSB. This was quite an interesting puzzle and it took a few tries to get the key. Insecure Direct Object Reference (called IDOR from here) occurs when…

AppSec… | AV evading with Veil | 29 Aug 2018 / 22 Nov 2019
One of the most important issues any hacker must address is how to get past security devices and remain undetected. These can include antivirus software, intrusion detection systems, firewalls, web…

Android Security… | How To Find And Delete Where Google Knows You've Been | 14 Aug 2018
Even if "Location History" is off on your phone, Google often still stores your precise location. Here are some things you can do to delete those markers and keep your location…

AppSec… | W3af walkthrough and tutorial | 9 Aug 2018
w3af (Web Application Audit and Attack Framework) is a framework for auditing and exploitation of web applications. In this series of articles we will be looking at almost all the…

AppSec… | The Best Hacking Books 2018 | 25 Jul 2018
By Hacking Tutorials on February 2, 2018. One of the most popular and most asked questions since I've started this blog is if I can recommend some good hacking books to read…

AppSec… | Python Scripting For The Ethical Hacker | 21 Jun 2018 / 8 Sep 2019
Welcome back, my greenhorn hackers! I began this series on scripting a while back to teach all aspiring hackers how to write some basic scripts for hacking and reconnaissance. Without developing some basic scripting skills,…

AppSec… | XSS in Canopy login page | 21 Jun 2018
[Description] CheckSec Canopy 3.x before 3.0.7 has stored XSS via the Login Page Disclaimer, allowing attacks by low-privileged users against higher-privileged users. This instance of stored cross-site scripting (XSS) vulnerability could…

AppSec… | Stealing Signal Conversations from a MacBook | 27 May 2018
Developed by Open Whisper Systems, Signal is a free, open-source encrypted communications app for both mobile and desktop devices that allows users to make voice calls, send instant messages, and even make…

AppSec… | Setting Up A Snort IDS on Debian Linux | 24 May 2018
Malicious network traffic (such as worms, hacking attempts, etc.) has certain patterns to it. You could monitor your network traffic with a sniffer and look for this malicious traffic manually…

AppSec… | Password cracking with John the Ripper | 24 May 2018 / 10 Feb 2019
Introduction: For those of you who haven't yet heard about John the Ripper (hereafter called John for brevity), it is a free password cracking tool written mostly in C. Before…

Attacks… | Removing Chrome Adware | 30 Jan 2018
Here are a couple of suggestions. When I mention commands, those are to be issued in the command line, aka terminal, which you can access by pressing Ctrl+Alt+T. Remove google-chrome related folders,…

Attacks… | How to Crack a "Master Lock" Combination Lock | 12 Jan 2018
It's funny how they call a "safe" a safe. If you don't know the combination to a Master Lock combination lock, you have a few options. If your lock is…

Attacks… | Nmap Scripts for Recon | 5 Dec 2017 / 27 Dec 2018
These Nmap NSE scripts are all included in standard installations of Nmap. Use them to gather additional information on the targets you are scanning. The information can both add context…

Attacks… | Metasploit for the Aspiring Ethical Hacker, Part 2 | 1 Dec 2017 / 29 Jan 2019
Part 1 is here: https://linuxsecurityblog.com/2016/03/01/metasploit-for-the-aspiring-ethical-hacker-part-1/ In this second tutorial, we will look at some of the basic commands we can use in Metasploit. Although the Metasploit framework can appear daunting to…

Attacks… | Hackers can bypass new protections in MacOS High Sierra | 29 Nov 2017
MacOS High Sierra protections can be bypassed, but they will make security researchers' and companies' work more difficult. Hackers can bypass a new security feature in MacOS High Sierra to load…

AppSec… | OWASP – A2 – Broken Authentication and Session Management – LSB | 24 Nov 2017 / 29 Jun 2018
Threat Agents: Consider anonymous external attackers, as well as users with their own accounts, who may attempt to steal accounts from others. Also consider insiders wanting to disguise their actions.…

AppSec… | Exploiting CSRF under NoScript Conditions | 22 Nov 2017 / 16 Mar 2019
CSRFs, or Cross-Site Request Forgery vulnerabilities, occur when a server accepts requests that can be "spoofed" from a site running on a different domain. The attack goes something like this:…

AppSec… | On Web Extensions shortcomings and their impact on add-on security | 12 Nov 2017
Recently, I reported a security issue in the new Firefox Screenshots feature (fixed in Firefox 56). This issue is remarkable for a number of reasons. First of all, the vulnerable code was…

Attacks… | Set up a Honeypot on AWS | 8 Nov 2017
If you're aspiring to become a professional in the field of computer security, wish to understand the current threat landscape better, or simply want to have a play around with…

Attacks… | WAFNinja – Web Application Firewall Attack Tool | 7 Nov 2017 / 29 Jan 2019
WAFNinja is a Python-based Web Application Firewall attack tool designed to help penetration testers execute WAF bypasses by automating the steps necessary to bypass input validation. The tool was created…

AppSec… | How to Hijack Web Browsers Using BeEF | 28 Aug 2017 / 7 Nov 2017
Welcome back my fellow hackers! Today we're going to be introducing a new tool for hacking web browsers. Oftentimes, we will need to exploit a variety of vulnerabilities associated…

AppSec… | Security Shepherd Solutions | 20 Aug 2017 / 15 Oct 2018
The OWASP Security Shepherd project is a web and mobile application security training platform. Security Shepherd has been designed to foster and improve security awareness among a varied skill-set demographic.…

Attacks… | Malware Types Explained | 15 Aug 2017
In this article we will be looking at the different kinds of malware and what they do. When performing static or dynamic malware analysis it is crucial to have a…

Android Security… | How the CopyCat malware infected Android devices around the world | 7 Jul 2017
Check Point researchers identified a mobile malware that infected 14 million Android devices, rooting approximately 8 million of them, and earning the hackers behind the campaign approximately $1.5 million in…

Attacks… | How Shipping Giant Maersk Dealt With a Malware Meltdown, And Other Security News This Week | 3 Jul 2017
When a piece of unprecedented malicious software rampages through thousands of critical networks around the world, it tends to get our full attention. And this week's digital plague, known as…

Attacks… | Using Appcache and ServiceWorker for Evil | 7 Jun 2017
You're a bad guy and you just hacked a website. Normally you leak the database and leave. The owner fixes everything the next day and removes your backdoor. With Middlekit techniques…

Attacks… | Fake Google Docs phishing deluge hits Gmail | 4 May 2017
A new phishing attack has appeared in inboxes around the world that masquerades as an email contact sharing a Google Doc. The emails appear to originate from a legitimate account,…

Attacks… | DDoS Attacks Surge, Organizations Struggle to Respond | 3 May 2017
Organizations often discover a DDoS attack only after being alerted to the fact by a third party or customer, a Neustar survey shows. Despite heightened awareness of distributed denial-of-service (DDoS) attacks, organizations…

Attacks… | Thousands of computers now compromised with leaked NSA tools | 27 Apr 2017
Thousands of Microsoft Windows machines worldwide are infected with an NSA-developed backdoor that hackers installed by reusing leaked executable code from an outdated hacking toolkit belonging to the spy agency, multiple…

Attacks… | Cracking WPA/WPA2 Encryption | 15 Jan 2017 / 25 Aug 2019
A little disclaimer: the contents of this post are solely for ethical and educational purposes. You may not use it for unethical purposes. The author or the website is…

Attacks | Lizard Squad Taking Over CCTV Devices to Conduct DDoS Attacks | 5 Jul 2016
Lizard Squad hackers have been conducting Distributed Denial of Service (#DDoS) attacks on banking and government institutions after compromising CCTV devices worldwide! Earlier, in two previous incidents, researchers discovered hackers taking…

Attacks | Biggest cybersecurity threats in 2016 | 16 Jun 2016
Headless worms, machine-to-machine attacks, jailbreaking, ghostware and two-faced malware: the language of cybersecurity incites a level of fear that seems appropriate, given all that's at stake. In the coming year,…

Android… | Resources for Rooting your Android Device | 11 May 2016 / 25 Jun 2020
As Android matures, the wide-open style of root access we may have grown used to with legacy versions has gone away. Because Android is designed for mobile devices, the focus…

Attacks | The buffer overflow | 20 Apr 2016
At its core, the buffer overflow is an astonishingly simple bug that results from a common practice. Computer programs frequently operate on chunks of data that are read from a…

Attacks | Angler Malvertising Campaign Hits Top Publishers | 30 Mar 2016
During the past few weeks, malvertising activity was a little bit on the decline, at least within our own telemetry. We were mainly seeing the usual suspects pushing a lot…

AppSec… | Pen Testing Web Browsers With BeEF | 14 Mar 2016 / 28 Nov 2019
BeEF was developed by a group of developers led by Wade Alcorn. Built on the familiar Ruby on Rails platform, BeEF was developed to explore the vulnerabilities in browsers and…

#career… | SQLMap – Testing With SQL Injection | 12 Mar 2016 / 8 Oct 2021
Sqlmap is included in pen testing Linux distros like Kali Linux, BackTrack, BackBox etc. On other distros it can simply be downloaded from the following URL: http://sqlmap.org/. Since it's written…

#Metasploit… | Metasploit for the Aspiring Ethical Hacker, Part 1 | 1 Mar 2016 / 14 May 2019
Metasploit was developed by HD Moore as an open source project in 2003. Originally written in Perl, Metasploit was completely rewritten in Ruby in 2007. In 2009, it was purchased…