Welcome back, my aspiring OSINT cyber warriors! The Internet is the largest and deepest repository of data in the history of the world. With that tautology out of the way, let’s get down to work, and maybe, a little fun. All the data on the Internet can be very valuable to an investigator or hacker, […]
Continue Reading
Welcome back, my aspiring cyberwarriors! One of the keys to being successful as a hacker, pentester, or cyber warrior is the ability to find vulnerabilities or flaws in the target system. Vulnerabilities are holes or weaknesses that can be exploited (hacked). We have looked at several ways to do that including various Web application vulnerability […]
Continue Reading
Welcome back, my aspiring cyberwarriors! On July 4, 2020 (US Independence Day), F5 released a security patch for their BIG-IP systems that allows the attacker to take control of the affected systems. This vulnerability is rated a 10/10 in severity and assigned CVE-2020-5902. This vulnerability is so severe that an attacker with even rudimentary skills […]
Continue Reading
Welcome back, my fledgling hackers! Mobile devices–smartphones and tablets–are proliferating around the world and slowly overtaking desktop and laptop machines. These mobile devices generally run either the iOS or the Android operating system, with Android comprising the bulk of all mobile device OS’s (82%). Considering the growth of the mobile market and the dominance of […]
Continue Reading
Welcome back my aspiring cyber warriors! In my earlier tutorial, I showed you some of the basics of using Shodan, “the world’s most dangerous search engine”. In this tutorial, we will expand and extend your knowledge of the capabilities of Shodan to find outdated and vulnerable online systems. Often times, aspiring cyber warriors assume that […]
Continue Reading
Often, as part of the exploit development process, we will want to test an application for vulnerabilities, especially buffer overflows. One of the ways we can do that is to send random, varying length, invalid data at the application and see what happens. If we can get the application to crash, this often is a […]
Continue Reading
When we are trying to find vulnerabilities in a website to attack, we need a solid web server vulnerability scanner. Internet-facing web apps can open enormous opportunities for us as they are often riven with vulnerabilities and can often offer an entry point to the internal network and resources. Previously, I had showed you how […]
Continue Reading
Welcome back, my aspiring cyberwarriors! Often, after successfully compromising a system, we are limited to the privilege’s of the compromised user. Regular users on systems usually have very limited privileges and can not access many of the resources or make changes to their systems and resources (databases, etc.). This is one of the many ways […]
Continue Reading
Welcome back, my aspiring cyberwarriors! When attempting to hack/pentest a website, it can be extremely useful to get the parameters of various pages. These might include php, woff, css, js, png,svg, php, jpg and others. Each of these parameters might indicate a particular vulnerability such as SQL injection, XSS, LFI, and others. When we have […]
Continue Reading