AppSec… Create a Persistent Back Door with Kali, Netcat and Weevely 13 Sep 201815 Aug 2020 This post will dive into how we can take advantage of a vulnerability in a web application to gain access and upload a backdoor that we can connect to in…
#Metasploit… Metasploit for the Aspiring Ethical Hacker, Part 3 (Payloads) – LSB 5 Dec 20176 Dec 2017 As you know, Metasploit is an exploitation framework that every hacker should be knowledgeable of and skilled at. It is one of my favorite hacking tools available. Let's take a closer look…
Attacks… Nmap Scripts for Recon 5 Dec 201727 Dec 2018 These Nmap NSE Scripts are all included in standard installations of Nmap. Use them to gather additional information on the targets you are scanning. The information can both add context…
Attacks… Metasploit for the Aspiring Ethical Hacker, Part 2 1 Dec 201729 Jan 2019 Part 1 is here: https://linuxsecurityblog.com/2016/03/01/metasploit-for-the-aspiring-ethical-hacker-part-1/ In this second tutorial, we will look at some of the basic commands we can use in Metasploit. Although the Metasploit framework can appear daunting to…
Attacks… Hackers can bypass new protections in MacOS High Sierra 29 Nov 201729 Nov 2017 MacOS High Sierra protections can be bypassed, but will make security researchers and companies work more difficult Hackers can bypass a new security feature in MacOS High Sierra to load…
Cloud Security… Create Your Own VPN with AWS 24 Nov 201723 May 2019 Internet users are spoiled for choice when it comes to VPN services, but they either require a monthly subscription, aren’t secure, or are just plain slow. Thankfully, alternatives do exist.…
AppSec… OWASP – A2 – Broken Authentication and Session Management – LSB 24 Nov 201729 Jun 2018 Threat Agents Consider anonymous external attackers, as well as users with their own accounts, who may attempt to steal accounts from others. Also consider insiders wanting to disguise their actions.…
Cyber Security… LSB Afilliate Programs 22 Nov 201728 Nov 2017 I thank each and every one of you for visiting my blog, you are the reason we are still able to keep LSB alive. As you may or may not…
AppSec… Exploiting CSRF under NoScript Conditions 22 Nov 201716 Mar 2019 CSRFs -- or Cross-Site Request Forgery vulnerabilities -- occur when a server accepts requests that can be “spoofed” from a site running on a different domain. The attack goes something like this:…
AppSec… A Guide to Not Getting Hacked 20 Nov 20175 Mar 2019 Hackers steal hundreds of millions of passwords in one swoop and occasionally cause large-scale blackouts. The future is probably not going to get better, with real-life disasters caused by internet-connected knick-knacks, smart home robots that could kill…
Attacks… Set up a Honeypot on AWS 8 Nov 20178 Nov 2017 If you’re aspiring to become a professional in the field of computer security, wish to understand further the current threat landscape or simply want to have a play around with…
Linux Security Blog 