Vulnerabilities – Page 3

Confessions of a Professional Hacker: How Russian Hackers Compromised the 2016 U.S. Presidential Election

December 10, 2023January 3, 2024Occupy The Web

On July 13, 2018, the U.S. Justice Department handed down a 29-page indictment against 12 intelligence officers of the GRU, Russia’s military intelligence agency. In this indictment, the U.S. Justice Department investigators (Robert Mueller’s team) provide granular detail of the step-by-step activity of these Russian hackers. Russia’s Internet Research Agency In this article, I would […]

BlueTooth Hacking, Part 2: BlueTooth Reconnaissance

December 10, 2023January 3, 2024Occupy The Web

The beauty of Bluetooth hacking is that it gives you a clear window into the world of the target. Nearly every device has Bluetooth capabilities now, and people store a great deal of personal information on their phones and tablets. If we can hack their Bluetooth connection, we can access all of that great information […]

Web App Hacking: XXE Vulnerabilities and Attacks

December 10, 2023December 10, 2023Occupy The Web

Welcome back, my aspiring Web App cyberwarriors! Among the most important types of web app attacks is the XXE attack. This is the XML eXternal Entity Injection attack. This type of vulnerability allows an attacker to interfere with the app’s processing of XML data. Many applications use the XML format to transmit data between the […]

Open Source Intelligence(OSINT), Part 4: Google Hacking to Find Unsecured Web Cams

December 10, 2023December 10, 2023Occupy The Web

Welcome back, my aspiring OSINT cyber warriors! The Internet is the largest and deepest repository of data in the history of the world. With that tautology out of the way, let’s get down to work, and maybe, a little fun. All the data on the Internet can be very valuable to an investigator or hacker, […]

Vulnerability Scanning, Part 1: Nexpose

December 9, 2023January 2, 2024Occupy The Web

Welcome back, my aspiring cyberwarriors! One of the keys to being successful as a hacker, pentester, or cyber warrior is the ability to find vulnerabilities or flaws in the target system. Vulnerabilities are holes or weaknesses that can be exploited (hacked). We have looked at several ways to do that including various Web application vulnerability […]

Finding the F5 Systems Vulnerable to CVE-2020-5902 using Shodan

December 8, 2023December 8, 2023Occupy The Web

Welcome back, my aspiring cyberwarriors! On July 4, 2020 (US Independence Day), F5 released a security patch for their BIG-IP systems that allows the attacker to take control of the affected systems. This vulnerability is rated a 10/10 in severity and assigned CVE-2020-5902. This vulnerability is so severe that an attacker with even rudimentary skills […]

Android Hacking, Part 2: How to Embed a Backdoor into an Android APK

December 7, 2023December 28, 2023Occupy The Web

Welcome back, my fledgling hackers! Mobile devices–smartphones and tablets–are proliferating around the world and slowly overtaking desktop and laptop machines. These mobile devices generally run either the iOS or the Android operating system, with Android comprising the bulk of all mobile device OS’s (82%). Considering the growth of the mobile market and the dominance of […]

Shodan, Part 2: Finding Outdated and Vulnerable Systems Around the World

December 4, 2023January 2, 2024Occupy The Web

Welcome back my aspiring cyber warriors! In my earlier tutorial, I showed you some of the basics of using Shodan, “the world’s most dangerous search engine”. In this tutorial, we will expand and extend your knowledge of the capabilities of Shodan to find outdated and vulnerable online systems. Often times, aspiring cyber warriors assume that […]

Exploit Development, Part 3: Finding Vulnerabilities by Fuzzing with Spike

November 26, 2023January 1, 2024Occupy The Web

Often, as part of the exploit development process, we will want to test an application for vulnerabilities, especially buffer overflows. One of the ways we can do that is to send random, varying length, invalid data at the application and see what happens. If we can get the application to crash, this often is a […]

Using Wikto to Find Website Vulnerabilities

November 13, 2023November 13, 2023Occupy The Web

When we are trying to find vulnerabilities in a website to attack, we need a solid web server vulnerability scanner. Internet-facing web apps can open enormous opportunities for us as they are often riven with vulnerabilities and can often offer an entry point to the internal network and resources. Previously, I had showed you how […]

Category: Vulnerabilities

Confessions of a Professional Hacker: How Russian Hackers Compromised the 2016 U.S. Presidential Election

BlueTooth Hacking, Part 2: BlueTooth Reconnaissance

Web App Hacking: XXE Vulnerabilities and Attacks

Open Source Intelligence(OSINT), Part 4: Google Hacking to Find Unsecured Web Cams

Vulnerability Scanning, Part 1: Nexpose

Finding the F5 Systems Vulnerable to CVE-2020-5902 using Shodan

Android Hacking, Part 2: How to Embed a Backdoor into an Android APK

Shodan, Part 2: Finding Outdated and Vulnerable Systems Around the World

Exploit Development, Part 3: Finding Vulnerabilities by Fuzzing with Spike

Using Wikto to Find Website Vulnerabilities

CYBER WEEK SALE

35% OFF EVERYTHING

USE CODE jjt8vpmput1d

ENDS 12/6 AT MIDNIGHT!

Excludes books, but everything else is fair game!