Skip to content

Linux Security Blog

How Hackers Work

Search
  • Home
  • Shep Tutorials
    • Set Up Security Shepherd On VMWare
    • Failure To Restrict Access – Solution
    • Insecure DOR – Solution
    • Poor Data Validation – Solution
    • Security Misconfiguration – Solution
    • Insecure Direct Object Reference 2 Solution
    • Cross Site Scripting One Solution
    • SQL Injection Solution
    • OWASP Security Shepherd – Failure To Restrict Access Solution
    • Session Management Challenge One – Solution
  • GNS3 Series
    • Install GNS3 2.2 on Windows10 | Download Link Included
    • Import VirtualBox Images to GNS3
  • Python Series
    • Part I
    • Part II
  • About

Featured

8Jul 202024 Jul 2020
Add a comment

Exploiting F5 Big IP Vulnerability | CVE-2020-5902

CVE-2020-5902 is a critical remote code execution vulnerability in the configuration interface (aka Traffic Management User Interface – TMUI) of…

18Jun 202024 Jul 2020
1 Comment

Windows Takeover with a PDF File

There are multiple ways to exploit and take over a Windows machine, today we will look at doing this with…

16Jun 202024 Jul 2020
2 Comments

Discover & Attack Raspberry Pi’s on a Network

Many people never bother to change their default password on their devices. For a Raspberry Pi, this can leave it…

#career…

Malware Analysis With Valkyrie

22 Apr 201924 Jul 2020
Valkyrie is a malware analysis tool that's free for you for a year to try out. You can visit https://valkyrie.comodo.com to sign up. Once you sign up you will presented…
AppSec…

Adblock Plus filter lists may execute arbitrary code

15 Apr 201924 Jul 2020
A new version of Adblock Plus was released on July 17, 2018. Version 3.2 introduced a new filter option for rewriting requests. A day later AdBlock followed suit and released…
AppSec…

Emotet The Banking Trojan

11 Apr 201924 Jul 2020
Emotet is a kind of malware originally designed as a banking Trojan aimed at stealing financial data, but it’s evolved to become a major threat to users everywhere. Let’s talk…
#career…

Create An SQL Backdoor

7 Apr 20197 Apr 2019
SQL Malware affects a variety of database-driven applications, including but not limited to web applications, services, and desktop applications. This breed of malware is made possible by the SQL functionality for triggers and stored sub-procedures. Notice: SQL malware persists beyond deletion of rows…
Cryptography…

The Darknet 2019

7 Apr 201924 Jul 2020
Do you want to access the update about deep web links or, the hidden wiki, Deep web sites, Dark web Search, The Dark Web Links, tor onion links, tor hidden wiki links, deep web sites…
#Metasploit…

NetBIOS Auxiliary Modules

26 Mar 201924 Jul 2020
Full article: https://www.offensive-security.com/metasploit-unleashed/scanner-netbios-auxiliary-modules/ nbname The nbname auxiliary module scans a range of hosts and determines their hostnames via NetBIOS. msf > use auxiliary/scanner/netbios/nbname msf auxiliary(nbname) > show options Module options (auxiliary/scanner/netbios/nbname): Name…
AppSec…

SMB Exploited

14 Mar 201924 Jul 2020
Server Message Block (SMB) is the transport protocol used by Windows machines for a wide variety of purposes such as file sharing, printer sharing, and access to remote Windows services.…
AppSec…

Ghidra – First impressions of the NSA Reverse Engineering Tool

13 Mar 201924 Jul 2020
Ghidra is a reverse engineering tool, written in Java, that was recently open-sourced by the National Security Agency (NSA). You can find the Github page here and the download link…
AppSec…

Exploiting XXE Vulnerabilities

5 Mar 201924 Jul 2020
By Chris Davis XXE (XML External Entity) attacks happen when an XML parser improperly processes input from a user that contains an external entity declaration in the doctype of an…
AppSec…

CSRF Code Examples and Defense

3 Mar 201924 Jul 2020
CSRF is an attack that tricks the victim into submitting a malicious request. It inherits the identity and privileges of the victim to perform an undesired function on the victim's…
#career…

Web Application Security

21 Feb 201924 Jul 2020
WHAT IS WEB APPLICATION SECURITY Web application security is the process of protecting websites and online services against different security threats that exploit vulnerabilities in an application’s code. Common targets…
AppSec…

VFEmail Suffers ‘Catastrophic’ Hack

13 Feb 2019
Email company VFEmail suffered what they call a "catastrophic" hack that destroyed their primary and backup data for the U.S. The firm’s founder says he now fears some 18 years’…
Android Security…

It’s Time To take back Our Internet

20 Jan 201920 Jan 2019
Tim Berners Lee was recently awarded the Turing Award (The ACM A.M. Turing Award is an annual prize given by the Association for Computing Machinery (ACM) to "an individual selected…
#career…

Intro to Git and GitHub for Linux

7 Jan 20197 Jan 2019
The Git distributed revision control system is a sweet step up from Subversion, CVS, Mercurial, and all those others we've tried and made do with. It's great for distributed development,…
Bugs…

Cuckoo – Sandboxed Malware Analysis

27 Dec 201822 Nov 2019
What is Cuckoo? Cuckoo Sandbox is the leading open source automated malware analysis system. You can throw any suspicious file at it and in a matter of minutes Cuckoo will provide…
#career…

We Have Linux Foundation Deals for you

23 Dec 201814 May 2020
As usual we have amazing new deals on Linux Foundation certificates and courses. Sign on and use your own pace to finish the course. Prometheus is the latast deal!! Updated…
AppSec…

Create a Backdoor with Cryptcat

23 Dec 2018
In this tutorial, I'll introduce you to netcat's popular cousin, cryptcat (she's actually much cuter and more exotic than the plain netcat). Cryptcat enables us to communicate between two systems and encrypts…
Cyber Security…

Veil – AV Evasion – Set Up and Tutorial

17 Dec 2018
Veil-Evasion is a tool designed to generate metasploit payloads that bypass common anti-virus solutions. NOTE: ./setup/setup.sh should be re-run on every major version update. If you receive any major errors on running…
Cyber Security…

Router Hardening Checklist

9 Dec 20189 Dec 2018
Network infrastructure devices (routers, switches, load balancers, firewalls etc) are among the assets of an enterprise that play an important role in security and thus need to be protected and…
Attacks…

500 Million Marriott Guest Records Stolen

30 Nov 20188 Dec 2018
The world's biggest hotel chain Marriott International today disclosed that unknown hackers compromised guest reservation database its subsidiary Starwood hotels and walked away with personal details of about 500 million…
#career…

Cyber Monday Sale Starts NOW!(FOR A WEEK!!)

26 Nov 201830 Nov 2018
Yikes, yes, we are rolling out Cyber Monday deals for a week. This will hopefully make up for the lack of Black Friday deals, but maybe Black Friday has died.…
AppSec…

SQL Injection Attacks

20 Nov 2018
A customer asked that we check out his intranet site, which was used by the company's employees and customers. This was part of a larger security review, and though we'd…
Crypto Currency…

Banks Must Embrace Crypto or “Bite the Dust”

16 Nov 2018
With all the constant news about the price of Bitcoin, it’s possible to forget what it was invented for. Cryptocurrency trading plays only a small role in what Bitcoin and…
Cyber Security…

Snort Open Source IDS

14 Nov 201828 Nov 2019
Snort is an open source Intrusion Detection System that you can use on your Linux systems.  This tutorial will go over basic configuration of Snort IDS and teach you how…
AppSec…

IPtables – the Linux Firewall

13 Nov 201813 Nov 2018
KORBIN BROWN FEBRUARY 6, 2014, 12:34PM EDT Iptables is an extremely flexible firewall utility built for Linux operating systems. Whether you’re a novice Linux geek or a system administrator, there’s…
#Metasploit…

Payload in PDF

12 Nov 2018
Infected PDFs have always been a privileged way to infect users because this document format is very common and used by almost everyone. Moreover, it exists many ways to exploit Acrobat Reader…
#career…

Now Is The Time, Linux is the Direction

11 Nov 201824 Jan 2019
Your future matters to us @ LSB, so get into Linux and see the new world it will open for you. Created by QuBits 2018-11-11
Cryptography…

The Hidden Wiki

11 Nov 20185 Mar 2019
If you did not know yet the Hidden Wiki is a list of well known Dark Net Sites that will get you started browsing on the other internet. To access…
Android…

Best Ad Blocker Apps For Android

11 Nov 201811 Nov 2018
By Khaled Shariar  - LAST UPDATED: August 10, 2018 Want to get rid of annoying ads? Check out the following ad blocker for android to stop seeing ads on Android.…
#career…

Linux Foundation Deals For LSB Followers

25 Oct 2018
We are delighted to be able to team up with The Linux Foundation to bring you some great deals on amazing Linux courses and materials. All courses, on completion is…
AppSec…

OWASP Security Shepherd- Session Management Challenge One – Solution – LSB

12 Oct 201812 Oct 2018
We have another solution in the OWASP Security Shepherd challenges and we enjoyed completing this one. You can find out about Session Management from OWASP here. So let's get on…
AppSec…

Penetration Testing – Complete Guide

10 Oct 201810 Dec 2018
What is Penetration Testing? It’s the process to identify security vulnerabilities in an application by evaluating the system or network with various malicious techniques. The weak points of a system…
Attacks…

The Evil Twin Attack

8 Oct 201829 Oct 2019
I searched through many guides, and none of them really gave good description of how to do this. There’s a lot of software out there (such as SEToolkit, which can…
AppSec…

OWASP Security Shepherd – Failure To Restrict Access Solution – LSB

27 Sep 201827 May 2019
Am I Vulnerable To 'Failure to Restrict URL Access'? The best way to find out if an application has failed to properly restrict URL access is to verify every page. Consider for…
AppSec…

OWASP Security Shepherd – Insecure Cryptographic Storage Challenge 1 Solution – LSB

21 Sep 2018
Thanks for visiting and today we have another OWASP Security Shepherd Solution for you. This time it's the Insecure Cryptographic Storage Challenge. Cryptography is usually the safest way to communicate…
AppSec…

OWASP Security Shepherd – SQL Injection Solution – LSB

15 Sep 201819 Sep 2019
A SQL injection attack consists of insertion or "injection" of a SQL query via the input data from the client to the application. A successful SQL injection exploit can read sensitive data…
AppSec…

Create a Persistent Back Door with Kali, Netcat and Weevely

13 Sep 201815 Aug 2020
This post will dive into how we can take advantage of a vulnerability in a web application to gain access and upload a backdoor that we can connect to in…
Legal…

Join Us in the Fight for Net Neutrality

12 Sep 201812 Sep 2018
via Join Us in the Fight for Net Neutrality
AppSec…

OWASP Security Shepherd – Cross Site Scripting One Solution – LSB

12 Sep 201812 Sep 2018
Welcome back to LSB my budding hackers. Today's lesson is about Cross Site Scripting (Or XSS).  Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected…
AppSec…

OWASP Security Shepherd – Insecure Direct Object Reference Solution – LSB

10 Sep 2018
Welcome back to the Security Shepherd solutions from LSB. This was quite an interesting puzzle and it took a few tries to get the key. Insecure Direct Object Reference (called IDOR from here) occurs when…
AppSec…

OWASP Security Shepherd – Failure To Restrict Access Solution – LSB

7 Sep 20187 Sep 2018
What is Failure to Restrict URL Access Vulnerability/Threat? Failure to restrict URL access occurs in applications hide functionality from non-privileged users. In an application that fails to restrict URL access, administration…
AppSec…

AV evading with Veil

29 Aug 201822 Nov 2019
One of the most important issues any hacker must address is how to get past security devices and remain undetected. These can include antivirus software, intrusion detection systems, firewalls, web…

Posts navigation

Older posts
Newer posts

RSS ls -a /Zer0Days

  • [webapps] Bitbucket v7.0.0 - RCE 23 Mar 2023
  • [webapps] wkhtmltopdf 0.12.6 - Server Side Request Forgery 23 Mar 2023
  • [webapps] WorkOrder CMS 0.1.0 - SQL Injection 23 Mar 2023
  • [webapps] MAN-EAM-0003 V3.2.4 - XXE 23 Mar 2023
  • [webapps] Owlfiles File Manager 12.0.1 - Multiple Vulnerabilities 23 Mar 2023

Follow Us

  • Twitter
  • Facebook
  • Tumblr
  • Reddit

RSS Crypto News

  • An error has occurred; the feed is probably down. Try again later.

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 2,439 other subscribers

ls /categories

AppSec Attacks Bugs Cryptography Cyber Security Education Encryption Entertainment Exploits Hacking Linux Open Source Operating Systems OWASP Penetration Testing Privacy Security Technology Tips Tutorials

ls /comments

dark92i (@dark92i) on The Hidden Wiki
Foster Eli on Best Darkweb Links
crypstalk21 on Securing Your Crypto Wallet
kioptrix vm on PenTesting: Gaining Root Privi…
Johnny Dickman (@Dar… on The Darknet 2019
XXS Attack – P… on Payload in PDF

ls -a -v /community

ls /MostVisited

  • Best Darkweb Links
    Best Darkweb Links
  • Payload in PDF
    Payload in PDF
  • Crack WPA Handshake using Aircrack with Kali Linux
    Crack WPA Handshake using Aircrack with Kali Linux
  • Write a Ping Sweeper in 4 Lines of Bash
    Write a Ping Sweeper in 4 Lines of Bash
  • BlueKeep - Exploit Windows (RDP Vulnerability) Remotely
    BlueKeep - Exploit Windows (RDP Vulnerability) Remotely
  • Find Vulnerable Devices On The Internet With Shodan
    Find Vulnerable Devices On The Internet With Shodan
  • Hacking Linux with Armitage
    Hacking Linux with Armitage
  • Reverse Engineering Router Firmware
    Reverse Engineering Router Firmware
  • Sniffing Access Points and Mac Addresses Using Python
    Sniffing Access Points and Mac Addresses Using Python
  • Installing Security Shepherd on VMWare Workstation 12 Player
    Installing Security Shepherd on VMWare Workstation 12 Player

ls /Archives

Follow Linux Security Blog on WordPress.com

We Use Social Media

  • Twitter
  • Reddit
  • Facebook
  • Tumblr
  • Pinterest
  • YouTube
Create a website or blog at WordPress.com
Privacy & Cookies: This site uses cookies. By continuing to use this website, you agree to their use.
To find out more, including how to control cookies, see here: Cookie Policy
  • Follow Following
    • Linux Security Blog
      • Join 270 other followers
    • Already have a WordPress.com account? Log in now.
    • Linux Security Blog
    • Customize
    • Follow Following
    • Sign up
    • Log in
    • Report this content
    • View site in Reader
    • Manage subscriptions
    • Collapse this bar
 

Loading Comments...
 

You must be logged in to post a comment.