Using I2P to access the dark web – Part #2 I2P Intro: According to Wikipedia, The Invisible Internet Project (I2P) is an anonymous network layer that allows for peer to peer communication via encrypting the user’s traffic and sending it through a volunteer-run network of roughly 55,000 computers distributed around the world. The software that implements this layer is called […]
Dark Web: Accessing the hidden content Part- 1
Curiosity towards hidden and unknown things is natural to people. For the general folks, Internet is existence of websites indexed via popular search engines like Google, however the Deep Dark web is beyond the traditional search engines which are hidden and inaccessible through standard web browsers. It is an interesting fact to know that […]
Fileless malware- the ninja technique to spread malwares using default os tools
What are fileless malwares? Fileless malware are not typical malwares that probe directly or indirectly to install software on a victim’s machine and then execute. Instead, tools that are built-in to Windows are hijacked and used to carry out attacks. Why is it more dangerous? Due to the usage of only default windows tools, no […]
Cryptocurrency Mining Scripts Harnessing your cpu memory via Browsers
Hidden MiningWebsites are increasingly using JavaScript-based cryptocurrency miners to monetize by levying the CPU power of their visitor’s PC to mine Bitcoin or other cryptocurrencies. Scenario then vs now: Websites using crypto-miner services could mine cryptocurrencies with your browser memory when you visit their site. Feasibility: Once you close the browser window, they lost access […]
Gain Root without Password- macOS Sierra
A critical vulnerability has been discovered in macOS High Sierra allowing any user to get root access on a mac system without any passwords. In order to perform this, you just need to type “root” into the username field, leave the password blank, and hit the Enter a few times ( two or more) and […]
Exploiting Browsers using PasteJacking and XSSJacking Vulnerability
Hi Readers, in the field of penetration testing, we all know attacks such as Clickjacking, Cross Site Scripting etc. These are attacks from most OWASP Top 10 test cases. Today we will look into some advanced attack vectors which have been lately around sometime but not all are aware of. Pastejacking. The art of changing […]
KeystoneJS Open Source Penetration Testing Report – Gratis 2017
Overview Under the Gratis Pentest 2017, we have evaluated security postures of open source applications. For Gratis 2017 we have selected KeystoneJS. In this blog we are discussing about KeystoneJS Open Source Penetration Testing Report and releasing the vulnerabilities details. KeystoneJS is a powerful Node.js content management system and web app framework built on express […]
WPA2 Protocol Vulnerability – Intercepting Password on Wireless Device
Overview The WPA2 Protocol vulnerability allows attacker to decrypt the network traffic from the vulnerable device and it also allow to view the critical information, injecting the packets/data from the vulnerable devices. The proof-of-concept exploit is called KRACK, short for Key Reinstallation Attacks and the researcher who found this vulnerability is not released the working […]
OWASP TOP 10: #4 | Insecure Direct Object Reference Vulnerability
tl;dr: I’m Pentester and recently I got my first pentest project and I’ve successfully executed with my senior colleague. As the application was developed to perform the financial operations, I had focus of finding Insecure Direct Object Reference Vulnerabilities. This blog will help you for having the understanding of the IDOR vulnerability. Insecure Direct Object […]
Reverse Engineering 101 – With Crack-mes
Reverse Engineering is an fascinating art of playing with low level code. In this article, we will see a hands-on tutorial for patching an exe file to accept any serial key! Tool for use: ● Ollydbg (http://www.ollydbg.de/) ● A crack-me for demonstration. You can download loads of crack-mes for hands-on practice from http://crackmes.de/ A crack-me […]