#career… Secure Coding in Java 16 Feb 201916 Feb 2019 A comprehensive guide to coding safely and preventing security holes in your applications. 1 Denial of Service Input into a system should be checked so that it will not cause…
AppSec… VFEmail Suffers ‘Catastrophic’ Hack 13 Feb 2019 Email company VFEmail suffered what they call a "catastrophic" hack that destroyed their primary and backup data for the U.S. The firm’s founder says he now fears some 18 years’…
AppSec… Create a Backdoor with Cryptcat 23 Dec 2018 In this tutorial, I'll introduce you to netcat's popular cousin, cryptcat (she's actually much cuter and more exotic than the plain netcat). Cryptcat enables us to communicate between two systems and encrypts…
#career… Pivoting the Network 18 Dec 201818 Dec 2018 What is Pivoting? Pivoting is the unique technique of using an instance (also referred to as a ‘plant’ or ‘foothold’) to be able to move around inside a network. Basically…
Cyber Security… Veil – AV Evasion – Set Up and Tutorial 17 Dec 2018 Veil-Evasion is a tool designed to generate metasploit payloads that bypass common anti-virus solutions. NOTE: ./setup/setup.sh should be re-run on every major version update. If you receive any major errors on running…
#career… Pwned 10 Dec 201823 Jan 2019 Let[s] talk a little about this box. In this HTB machine we will see only one port is open and that will be the http one , we will fireup the dirbuster…
#career… Cyber Monday Sale Starts NOW!(FOR A WEEK!!) 26 Nov 201830 Nov 2018 Yikes, yes, we are rolling out Cyber Monday deals for a week. This will hopefully make up for the lack of Black Friday deals, but maybe Black Friday has died.…
AppSec… SQL Injection Attacks 20 Nov 2018 A customer asked that we check out his intranet site, which was used by the company's employees and customers. This was part of a larger security review, and though we'd…
#Metasploit… Payload in PDF 12 Nov 2018 Infected PDFs have always been a privileged way to infect users because this document format is very common and used by almost everyone. Moreover, it exists many ways to exploit Acrobat Reader…
#career… Now Is The Time, Linux is the Direction 11 Nov 201824 Jan 2019 Your future matters to us @ LSB, so get into Linux and see the new world it will open for you. Created by QuBits 2018-11-11
#career… Linux Foundation Deals For LSB Followers 25 Oct 2018 We are delighted to be able to team up with The Linux Foundation to bring you some great deals on amazing Linux courses and materials. All courses, on completion is…
AppSec… OWASP Security Shepherd- Session Management Challenge One – Solution – LSB 12 Oct 201812 Oct 2018 We have another solution in the OWASP Security Shepherd challenges and we enjoyed completing this one. You can find out about Session Management from OWASP here. So let's get on…
AppSec… Penetration Testing – Complete Guide 10 Oct 201810 Dec 2018 What is Penetration Testing? It’s the process to identify security vulnerabilities in an application by evaluating the system or network with various malicious techniques. The weak points of a system…
Attacks… The Evil Twin Attack 8 Oct 2018 By Matthew Cranford I searched through many guides, and none of them really gave good description of how to do this. There’s a lot of software out there (such as…
AppSec… OWASP Security Shepherd – Failure To Restrict Access Solution – LSB 27 Sep 201827 Sep 2018 Am I Vulnerable To 'Failure to Restrict URL Access'? The best way to find out if an application has failed to properly restrict URL access is to verify every page. Consider for…
AppSec… OWASP Security Shepherd – Insecure Cryptographic Storage Challenge 1 Solution – LSB 21 Sep 2018 Thanks for visiting and today we have another OWASP Security Shepherd Solution for you. This time it's the Insecure Cryptographic Storage Challenge. Cryptography is usually the safest way to communicate…
AppSec… OWASP Security Shepherd – SQL Injection Solution – LSB 15 Sep 2018 A SQL injection attack consists of insertion or "injection" of a SQL query via the input data from the client to the application. A successful SQL injection exploit can read sensitive data…
AppSec… Create a Back Door with Kali, Netcat and Weevely – LSB 13 Sep 20188 Dec 2018 Welcome back my budding hackers. We hope you enjoy this security tutorial by our ethical hacker QuBits. Our network is below. We will be creating a backdoor in DVWA Command…
AppSec… OWASP Security Shepherd – Cross Site Scripting One Solution – LSB 12 Sep 201812 Sep 2018 Welcome back to LSB my budding hackers. Today's lesson is about Cross Site Scripting (Or XSS). Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected…
AppSec… OWASP Security Shepherd – Insecure Direct Object Reference Solution – LSB 10 Sep 2018 Welcome back to the Security Shepherd solutions from LSB. This was quite an interesting puzzle and it took a few tries to get the key. Insecure Direct Object Reference (called IDOR from here) occurs when…
AppSec… OWASP Security Shepherd – Failure To Restrict Access Solution – LSB 7 Sep 20187 Sep 2018 What is Failure to Restrict URL Access Vulnerability/Threat? Failure to restrict URL access occurs in applications hide functionality from non-privileged users. In an application that fails to restrict URL access, administration…
AppSec… AV evading with Veil 29 Aug 201822 Sep 2018 One of the most important issues any hacker must address is how to get past security devices and remain undetected. These can include antivirus software, intrusion detection systems, firewalls, web…
AppSec… W3af walkthrough and tutorial 9 Aug 20189 Aug 2018 w3af (Web Application audit and attack framework) is a framework for auditing and exploitation of web applications. In this series of articles we will be looking at almost all the…
AppSec… The Best Hacking Books 2018 25 Jul 201825 Jul 2018 BY HACKING TUTORIALS ON FEBRUARY 2, 2018 One of the most popular and most asked questions since I’ve started this blog is if I can recommend some good hacking books to read…
AppSec… Python Scripting For The Ethical Hacker 21 Jun 2018 Welcome back, my greenhorn hackers! I began this series on scripting awhile back to teach all aspiring hackers how to write some basic scripts for hacking and reconnaissance. Without developing some basic scripting…
AppSec… XSS in Canopy login page 21 Jun 201821 Jun 2018 [Description] CheckSec Canopy 3.x before 3.0.7 has stored XSS via the Login Page Disclaimer, allowing attacks by low-privileged users against higher-privileged users.This instance of stored cross-site scripting (XSS) vulnerability could…
AppSec… Stealing Signal Conversations from a MacBook 27 May 2018 Developed by Open Whisper Systems, Signal is a free, open-source encrypted communications app for both mobile and desktop devices that allows users to make voice calls, send instant messages, and even make…
AppSec… Password cracking with John the Ripper 24 May 201810 Feb 2019 Introduction For those of you who haven't yet heard about John the Ripper (hereby called John for brevity), it is a free password cracking tool written mostly in C. Before…
Cyber Security… How Does Ransomware Work? 31 Mar 2018 May 12, 2017 / RYAN MURPHY Ransomware is similar to other malware in that it installs itself on a computer and runs in the background without the user’s knowledge. But unlike malware that hides and…
#Metasploit… Metasploit for the Aspiring Hacker | (Msfvenom) 24 Mar 2018 BY OCCUPYTHEWEB 01/12/2015 10:13 PM METASPLOIT BASICS Welcome back, my hacker novitiates! Eluding and evading antivirus software and intrusion detection systems is one of the most critical tasks of the hacker. As soon…
Attacks… Removing Chrome Adware 30 Jan 201830 Jan 2018 Here are couple of suggestions. When I mention commands, those are to be issued in command-line aka terminal , which you can access by pressing CtrlAltT Remove google-chrome related folders,…
#Metasploit… Metasploit for the Aspiring Hacker, Part 4 (Armitage) 13 Jan 201814 Jan 2018 Welcome back, my hacker novitiates! As you know by now, the Metasploit Framework is one of my favorite hacking tools. It is capable of embedding code into a remote system and controlling it, scanning…
Attacks… How to Crack a “Master Lock” Combination Lock 12 Jan 2018 It's funny how they call a "safe" a safe. If you don't know the combination to a Master Lock combination lock, you have a few options. If your lock is…
AppSec… Spamming Facebook Messages 3 Jan 201811 Apr 2018 We have reported this bug to Facebook and they replied asking "How is this different than hitting the message button?" If you want to spam everyone in the World that…
Attacks… Nmap Scripts for Recon 5 Dec 201727 Dec 2018 These Nmap NSE Scripts are all included in standard installations of Nmap. Use them to gather additional information on the targets you are scanning. The information can both add context…
Attacks… Metasploit for the Aspiring Ethical Hacker, Part 2 1 Dec 201729 Jan 2019 Part 1 is here: https://linuxsecurityblog.com/2016/03/01/metasploit-for-the-aspiring-ethical-hacker-part-1/ In this second tutorial, we will look at some of the basic commands we can use in Metasploit. Although the Metasploit framework can appear daunting to…
#career… Security and Linux 30 Nov 201730 Nov 2017 As Linux users we have some inherent advantages over our fellow Windows users when it comes to security (or lack there of). Hackers, rather like gamblers, use the laws of…
Attacks… Hackers can bypass new protections in MacOS High Sierra 29 Nov 201729 Nov 2017 MacOS High Sierra protections can be bypassed, but will make security researchers and companies work more difficult Hackers can bypass a new security feature in MacOS High Sierra to load…
Cyber Security… Cracking the Perimeter – A Framework For Ethical Hacking – LSB 25 Nov 2017 Perimeter security is generally the most hardened part of a network. It’s not uncommon to see the inner workings of a network are relatively defenseless from other in network devices.…
AppSec… OWASP – A2 – Broken Authentication and Session Management – LSB 24 Nov 201729 Jun 2018 Threat Agents Consider anonymous external attackers, as well as users with their own accounts, who may attempt to steal accounts from others. Also consider insiders wanting to disguise their actions.…
Cyber Security… OWASP A1 – Injection, Cause and Prevention 23 Nov 2017 Am I Vulnerable To 'Injection'? The best way to find out if an application is vulnerable to injection is to verify that all use of interpreters clearly separates untrusted data…
AppSec… Exploiting CSRF under NoScript Conditions 22 Nov 201722 Nov 2017 CSRFs -- or Cross-Site Request Forgery vulnerabilities -- occur when a server accepts requests that can be “spoofed” from a site running on a different domain. The attack goes something like this:…
AppSec… A Guide to Not Getting Hacked 20 Nov 201716 Jan 2019 Do you want to stop criminals from getting into your Gmail or Facebook account? Are you worried about the cops spying on you? We have all the answers on how…
Dorking… Google Dorking 16 Nov 201720 Nov 2017 As you all know Google is the most popular search engine in the world. Google serves almost 80% of the search queries on the internet. It itself a big achievement. By doing power…
Bugs… Amazon Key Lets Delivery People into Your House and It Just Got Hacked 16 Nov 201716 Nov 2017 A hardware safeguard in Amazon’s recently launched while-you’re-out delivery service turns out to have a big hole. And, well—let’s just say you probably should have seen this coming. Amazon Key uses a smart…
AppSec… On Web Extensions shortcomings and their impact on add-on security 12 Nov 201712 Nov 2017 Recently, I reported a security issue in the new Firefox Screenshots feature (fixed in Firefox 56). This issue is remarkable for a number of reasons. First of all, the vulnerable code was…
Attacks… WAFNinja – Web Application Firewall Attack Tool 7 Nov 201729 Jan 2019 WAFNinja is a Python-based Web Application Firewall Attack Tool designed to help penetration testers execute WAF bypass by automating the steps necessary to bypass input validation. The tool was created…
AppSec… OWASP Security Shepherd – Security Misconfiguration – Solution – LSB 2 Nov 20173 Nov 2017 Welcome back to another OWASP Security Shepherd solution. This challenge is called Security Misconfiguration. So we are given a Username and Password field and we can get the result key…
AppSec… you.dj Unlock The Sampler 30 Oct 201710 Aug 2018 If you've ever used the DJ application you.dj as a normal user you will have used the sampler to add various sounds to your mixes. But as a normal user…
Entertainment… KRACKing WPA2 19 Oct 201719 Oct 2017 Our main attack is against the 4-way handshake of the WPA2 protocol. This handshake is executed when a client wants to join a protected Wi-Fi network, and is used to…
AppSec… Owasp Security Shepherd – Poor Data Validation – Solution – LSB 8 Sep 20171 Aug 2018 Welcome hackers to a new OWASP Security Shepherd solution. The challenge in question is the Poor Data Validation and this happens when data is only checked on the client side.…
