As someone who likes to tinker with hardware, we often find ourselves opening up a device to find UART pins which are originally meant for debugging and testing We often use these to connect to the device. But most of us hit a small snag here. Snag No 1: More often than not the pins […]
Knowledge-base
Arm Exploitation Series #1 — Introduction to the ARM Architecture
With the increasing growth in Internet-Of-Things (IoT) devices, it is an absolute necessity to scrutinize the security of these devices too, especially when they’re going to be right in our homes. What better way to start, than at the very instruction set architecture (ISA) that’s most commonly found on these devices — ARM. ARM, or […]
Basic Understanding of Command and Control Malware Server
Reading time: 8/10 minutes Folks!! In this blog, I will talk about Command and Control Servers (C&Cs) and diverse procedures utilized by “assailants” “attacker” to fabricate a powerful and dependable C&C foundation. The most well-known engineering utilized by aggressors for correspondence is the brought together design which depends on standard HTTP or IRC conventions. They have likewise developed […]
Abusing SUDO Advance for Linux Privilege Escalation – RedTeam Tips
Abusing SUDO Advance for Linux Privilege Escalation If you have a limited shell that has access to some programs using thesudocommand you might be able to escalate your privileges. here I show some of the binary which helps you to escalate privilege using the sudo command. If you already read my previous article(Abusing Sudo) then you can skip […]
Web Services and API Penetration Testing Part #2
Welcome readers to Part 2 of Web Services Penetration Testing. In this part, we will take a quick look into the various test cases, tools and method for security testing of Web Services. Black box Web Services Penetration Testing pre-requisite: -> Web Service Description Language (WSDL) file Grey box Web Services Penetration Testing pre-requisite: -> […]
Intercepting thick clients sans domain: Thick Client Penetration Testing – Part 5
For carrying out penetration testing assessments, our main aim has been to resolve the actual domain to the loopback IP address, by adding an entry to the hosts file. Let us know consider a situation where the thick Client application does not send the request to a domain or a host name, then what happens? […]
Dark Web: Accessing the hidden content Part #2
Using I2P to access the dark web – Part #2 I2P Intro: According to Wikipedia, The Invisible Internet Project (I2P) is an anonymous network layer that allows for peer to peer communication via encrypting the user’s traffic and sending it through a volunteer-run network of roughly 55,000 computers distributed around the world. The software that implements this layer is called […]
Dark Web: Accessing the hidden content Part- 1
Curiosity towards hidden and unknown things is natural to people. For the general folks, Internet is existence of websites indexed via popular search engines like Google, however the Deep Dark web is beyond the traditional search engines which are hidden and inaccessible through standard web browsers. It is an interesting fact to know that […]
Fileless malware- the ninja technique to spread malwares using default os tools
What are fileless malwares? Fileless malware are not typical malwares that probe directly or indirectly to install software on a victim’s machine and then execute. Instead, tools that are built-in to Windows are hijacked and used to carry out attacks. Why is it more dangerous? Due to the usage of only default windows tools, no […]
Cryptocurrency Mining Scripts Harnessing your cpu memory via Browsers
Hidden MiningWebsites are increasingly using JavaScript-based cryptocurrency miners to monetize by levying the CPU power of their visitor’s PC to mine Bitcoin or other cryptocurrencies. Scenario then vs now: Websites using crypto-miner services could mine cryptocurrencies with your browser memory when you visit their site. Feasibility: Once you close the browser window, they lost access […]