AppSec… Create a Persistent Back Door with Kali, Netcat and Weevely 13 Sep 201815 Aug 2020 This post will dive into how we can take advantage of a vulnerability in a web application to gain access and upload a backdoor that we can connect to in…
AppSec… OWASP Security Shepherd – Cross Site Scripting One Solution – LSB 12 Sep 201812 Sep 2018 Welcome back to LSB my budding hackers. Today's lesson is about Cross Site Scripting (Or XSS). Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected…
AppSec… OWASP Security Shepherd – Insecure Direct Object Reference Solution – LSB 10 Sep 2018 Welcome back to the Security Shepherd solutions from LSB. This was quite an interesting puzzle and it took a few tries to get the key. Insecure Direct Object Reference (called IDOR from here) occurs when…
AppSec… OWASP Security Shepherd – Failure To Restrict Access Solution – LSB 7 Sep 20187 Sep 2018 What is Failure to Restrict URL Access Vulnerability/Threat? Failure to restrict URL access occurs in applications hide functionality from non-privileged users. In an application that fails to restrict URL access, administration…
AppSec… AV evading with Veil 29 Aug 201822 Nov 2019 One of the most important issues any hacker must address is how to get past security devices and remain undetected. These can include antivirus software, intrusion detection systems, firewalls, web…
AppSec… W3af walkthrough and tutorial 9 Aug 20189 Aug 2018 w3af (Web Application audit and attack framework) is a framework for auditing and exploitation of web applications. In this series of articles we will be looking at almost all the…
AppSec… The Best Hacking Books 2018 25 Jul 201825 Jul 2018 BY HACKING TUTORIALS ON FEBRUARY 2, 2018 One of the most popular and most asked questions since I’ve started this blog is if I can recommend some good hacking books to read…
AppSec… Python Scripting For The Ethical Hacker 21 Jun 20188 Sep 2019 Welcome back, my greenhorn hackers!I began this series on scripting awhile back to teach all aspiring hackers how to write some basic scripts for hacking and reconnaissance. Without developing some basic scripting skills,…
AppSec… XSS in Canopy login page 21 Jun 201821 Jun 2018 [Description] CheckSec Canopy 3.x before 3.0.7 has stored XSS via the Login Page Disclaimer, allowing attacks by low-privileged users against higher-privileged users.This instance of stored cross-site scripting (XSS) vulnerability could…
AppSec… Stealing Signal Conversations from a MacBook 27 May 2018 Developed by Open Whisper Systems, Signal is a free, open-source encrypted communications app for both mobile and desktop devices that allows users to make voice calls, send instant messages, and even make…
AppSec… Password cracking with John the Ripper 24 May 201810 Feb 2019 Introduction For those of you who haven't yet heard about John the Ripper (hereby called John for brevity), it is a free password cracking tool written mostly in C. Before…
Cyber Security… Build a Beginner Hacking Kit with the Raspberry Pi 3 Model B+ 23 Apr 20186 Feb 2020 The Raspberry Pi is a perfect way to start. In 2018, the Raspberry Pi 3 Model B+ was released featuring a better CPU, Wi-Fi, Bluetooth, and Ethernet built in. Our recommended Kali Pi kit…
Cyber Security… How Does Ransomware Work? 31 Mar 2018 May 12, 2017 / RYAN MURPHY Ransomware is similar to other malware in that it installs itself on a computer and runs in the background without the user’s knowledge. But unlike malware that hides and…
#Metasploit… Metasploit | (Msfvenom) 24 Mar 20189 Nov 2019 Eluding and evading antivirus software and intrusion detection systems is one of the most critical tasks of the hacker.As soon as a new exploit is developed and discovered, the AV and IDS…
#Metasploit… Metasploit for the Aspiring Ethical Hacker, Part 3 (Payloads) – LSB 5 Dec 20176 Dec 2017 As you know, Metasploit is an exploitation framework that every hacker should be knowledgeable of and skilled at. It is one of my favorite hacking tools available. Let's take a closer look…
Attacks… Nmap Scripts for Recon 5 Dec 201727 Dec 2018 These Nmap NSE Scripts are all included in standard installations of Nmap. Use them to gather additional information on the targets you are scanning. The information can both add context…
Attacks… Metasploit for the Aspiring Ethical Hacker, Part 2 1 Dec 201729 Jan 2019 Part 1 is here: https://linuxsecurityblog.com/2016/03/01/metasploit-for-the-aspiring-ethical-hacker-part-1/ In this second tutorial, we will look at some of the basic commands we can use in Metasploit. Although the Metasploit framework can appear daunting to…
Attacks… Hackers can bypass new protections in MacOS High Sierra 29 Nov 201729 Nov 2017 MacOS High Sierra protections can be bypassed, but will make security researchers and companies work more difficult Hackers can bypass a new security feature in MacOS High Sierra to load…
AppSec… OWASP – A2 – Broken Authentication and Session Management – LSB 24 Nov 201729 Jun 2018 Threat Agents Consider anonymous external attackers, as well as users with their own accounts, who may attempt to steal accounts from others. Also consider insiders wanting to disguise their actions.…
Cyber Security… OWASP A1 – Injection, Cause and Prevention 23 Nov 20175 May 2019 Am I Vulnerable To 'Injection'? The best way to find out if an application is vulnerable to injection is to verify that all use of interpreters clearly separates untrusted data…
AppSec… Exploiting CSRF under NoScript Conditions 22 Nov 201716 Mar 2019 CSRFs -- or Cross-Site Request Forgery vulnerabilities -- occur when a server accepts requests that can be “spoofed” from a site running on a different domain. The attack goes something like this:…
AppSec… A Guide to Not Getting Hacked 20 Nov 20175 Mar 2019 Hackers steal hundreds of millions of passwords in one swoop and occasionally cause large-scale blackouts. The future is probably not going to get better, with real-life disasters caused by internet-connected knick-knacks, smart home robots that could kill…
Bugs… Amazon Key Lets Delivery People into Your House and It Just Got Hacked 16 Nov 201716 Nov 2017 A hardware safeguard in Amazon’s recently launched while-you’re-out delivery service turns out to have a big hole. And, well—let’s just say you probably should have seen this coming. Amazon Key uses a smart…
Attacks… WAFNinja – Web Application Firewall Attack Tool 7 Nov 201729 Jan 2019 WAFNinja is a Python-based Web Application Firewall Attack Tool designed to help penetration testers execute WAF bypass by automating the steps necessary to bypass input validation. The tool was created…
AppSec… OWASP Security Shepherd – Security Misconfiguration – Solution – LSB 2 Nov 201712 Dec 2019 Welcome back to another OWASP Security Shepherd solution. This challenge is called Security Misconfiguration. So we are given a Username and Password field and we can get the result key…
AppSec… you.dj Unlock The Sampler 30 Oct 201710 Aug 2018 If you've ever used the DJ application you.dj as a normal user you will have used the sampler to add various sounds to your mixes. But as a normal user…
Entertainment… KRACKing WPA2 19 Oct 201719 Oct 2017 Our main attack is against the 4-way handshake of the WPA2 protocol. This handshake is executed when a client wants to join a protected Wi-Fi network, and is used to…
AppSec… Owasp Security Shepherd – Poor Data Validation – Solution – LSB 8 Sep 201710 Jun 2019 Welcome hackers to a new OWASP Security Shepherd solution. The challenge in question is the Poor Data Validation and this happens when data is only checked on the client side.…
Hacking… Linux commands everyone should know 29 Aug 201729 Aug 2017 sysadmin commands for Linux development environments, containers, virtual machines (VMs), and bare metal. In a world bursting with new tools and diverse development environments, it's practically a necessity for any…
AppSec… How to Hijack Web Browsers Using BeEF 28 Aug 20177 Nov 2017 Welcome back my fellow hackers! Today we’re going to be introducing a new tool for hacking web browsers. Often times, we will need to exploit a variety of vulnerabilities associated…
AppSec… Security Shepherd Solutions 20 Aug 201715 Oct 2018 The OWASP Security Shepherd project is a web and mobile application security training platform. Security Shepherd has been designed to foster and improve security awareness among a varied skill-set demographic.…
Hacking… Wifite : Hacking Wifi The Easy Way 20 Aug 201717 Aug 2018 Disclaimer - TLDR; some stuff here can be used to carry out illegal activity, our intention is, however, to educate. Wifite While the aircrack-ng suite is a well known name…
Dark Net… How Elliot & Fsociety Made Their Hack of Evil Corp Untraceable 17 Aug 201717 Aug 2017 Welcome back, my tenderfoot hackers! Well, the first season of Mr. Robot just ended and Elliot and fsociety successfully took down Evil Corp! They have effectively destroyed over 70% of the world's…
Android Security… How the CopyCat malware infected Android devices around the world 7 Jul 20177 Jul 2017 Check Point researchers identified a mobile malware that infected 14 million Android devices, rooting approximately 8 million of them, and earning the hackers behind the campaign approximately $1.5 million in…
Exploits… Systemd flaw leaves many Linux distros open to attack 4 Jul 20174 Jul 2017 A flaw in systemd, the init system used on many Linux systems, can be exploited using a malicious DNS query to either crash a system or to run code remotely.…
Attacks… How Shipping Giant Maersk Dealt With a Malware Meltdown, And Other Security News This Week 3 Jul 20173 Jul 2017 WHEN A PIECE of unprecedented malicious software rampages through thousands of critical networks around the world, it tends to get our full attention. And this week's digital plague, known as…
Attacks… Using Appcache and ServiceWorker for Evil 7 Jun 20177 Jun 2017 You’re a bad guy and you just hacked a website. Normally you leak the database and leave. The owner fixes everything next day and removes your backdoor. With Middlekit techniques…
Attacks… Thousands of computers now compromised with leaked NSA tools 27 Apr 201727 Apr 2017 Thousands of Microsoft Windows machines worldwide are infected with an NSA-developed backdoor that hackers installed by reusing leaked executable code from an outdated hacking toolkit belonging to the spy agency, multiple…
Hacking Hackers Are Already Targeting Our Critical Infrastructure 21 Mar 201721 Mar 2017 Cyber defenders still don’t understand the real threats that the power grid, energy plants and other critical infrastructure face. In the last few years, several government officials have made a…
Hacking Inside the Russian hack of Yahoo 20 Mar 201720 Mar 2017 One mistaken click. That's all it took for hackers aligned with the Russian state security service to gain access to Yahoo's network and potentially the email messages and private information of…
Cyber Security… In-the-wild exploits ramp up against sites using Apache Struts 19 Mar 201719 Mar 2017 Eight days after developers patched a critical flaw in the Apache Struts Web application framework, there has been no let-up in the volley of attacks attempting to exploit the vulnerability,…
Hacking The Coolest Hacks Of 2017 So Far 19 Dec 201628 Mar 2017 In a year when ransomware became the new malware and cyber espionage became a powerful political propaganda tool for Russia, it's easy to forget that not all hacking in 2016…
Linux Security Blog 
You must be logged in to post a comment.