HackDig : Dig high-quality web security articles for hackers

BSidesSF CTF: Hard reversing challenge: Chameleon

For my third and final blog post about the BSidesSF CTF, I wanted to cover the solution to Chameleon. Chameleon is loosely based on a KringleCon challenge I wrote (video guide), which is loosely based on a real-world penetration test from a long time ago. Except that Chameleon is much, much harder than either. Chameleon (source), at its core, is a file encr
Publish At:2020-02-26 15:35 | Read:501 | Comments:0 | Tags:Conferences Crypto CTFs Reverse Engineering

BSidesSF CTF: Easy to hard Rust reversing challenges

As mentioned in a previous post, I was honoured to once again help run BSidesSF CTF! This is going to be a quick writeup for three challenges: config-me, rusty1, and rusty2. All three are reversing challenges written in Rust, although the actual amount of reversing required is low for the first two. config-me config-me (source) was actually modeled after tw
Publish At:2020-02-26 14:05 | Read:430 | Comments:0 | Tags:Conferences CTFs Reverse Engineering

5 tips for building an effective security operations center (SOC)

Security is more than just tools and processes. It is also the people that develop and operate security systems. Creating systems in which security professionals can work efficiently and effectively with current technologies is key to keeping your data and networks secure. Many enterprise organizations understand this need and are attempting to meet it with
Publish At:2019-12-13 16:50 | Read:593 | Comments:0 | Tags:Business Endpoint Protection incident responder incident res

Technical Rundown of WebExec

This is a technical rundown of a vulnerability that we've dubbed "WebExec". The summary is: a flaw in WebEx's WebexUpdateService allows anyone with a login to the Windows system where WebEx is installed to run SYSTEM-level code remotely. That's right: this client-side application that doesn't listen on any ports is actually vulnerable to remote code executio
Publish At:2019-09-19 17:55 | Read:1336 | Comments:0 | Tags:Hacking NetBIOS/SMB Reverse Engineering

BSidesSF CTF author writeup: genius

Hey all, This is going to be an author's writeup of the BSidesSF 2019 CTF challenge: genius! genius is probably my favourite challenge from the year, and I'm thrilled that it was solved by 6 teams! It was inspired by a few other challenges I wrote in the past, including Nibbler. You can grab the sourcecode, solution, and everything needed to run it yourself
Publish At:2019-09-19 17:55 | Read:1205 | Comments:0 | Tags:Conferences CTFs Hacking Reverse Engineering

In BSidesSF CTF, calc.exe exploits you! (Author writeup of launchcode)

Hey everybody, In addition to genius, whose writeup I already posted, my other favourite challenge I wrote for BSidesSF CTF was called launchcode. This will be my third and final writeup for BSidesSF CTF for 2019, but you can see all the challenges and solutions on our Github releases page. This post will be more about how I developed this, since the solutio
Publish At:2019-09-19 17:55 | Read:1006 | Comments:0 | Tags:Conferences Crypto Forensics Reverse Engineering exploit

Reverse Engineering 101 – With Crack-mes

Reverse Engineering is an fascinating art of playing with low level code. In this article, we will see a hands-on tutorial for patching an exe file to accept any serial key! Tool for use: ● Ollydbg (http://www.ollydbg.de/) ● A crack-me for demonstration. You can download loads of crack-mes for hands-on practice from http://crackmes.de/ A crack-me is a small
Publish At:2017-09-15 21:40 | Read:4648 | Comments:0 | Tags:SecureLayer7 Lab Crackme Ollydbg Reverse Engineering

Reverse Engineering a JavaScript Obfuscated Dropper

1. IntroductionNowadays one of the techniques most used to spread malware on windows systems is using a JavaScript (js) dropper. A js dropper represents, in most attack scenarios, the first stage of a malware infection.It happens because Windows systems allow the execution of various scripting language using the Windows Script Host (WScript). This mean
Publish At:2017-07-31 23:15 | Read:10605 | Comments:0 | Tags:Reverse Engineering

Reverse Engineering – LAB 3

Software: IDA Pro Free (v 5.0)DLL Name: Test.dllStory about DLL:This DLL is reportedly scanning the system for running the process on the system and then send them to a hardcoded domain name. This DLL has also employed anti-analysis technique by checking the presence of known virtualization software’s etc.Steps:Load the malicious DLL into IDA Pro
Publish At:2017-07-24 17:00 | Read:4520 | Comments:0 | Tags:Reverse Engineering

18 Extensions For Turning Firefox Into a Penetration Testing Tool

Firefox is a popular web browser from Mozilla. Popularity of Firefox is not only because it’s a good web browser, it also supports add-ons to enhance the functionality. Mozilla has a website add-on section that has thousands of useful add-ons in different categories. Some of these add-ons are useful for penetration testers and security analysts.
Publish At:2017-07-11 15:30 | Read:3395 | Comments:0 | Tags:Penetration Testing feature reverse engineering

Exploiting Protostar – Stack 0-3

In this article, we will be reverse engineering and exploiting simple C programs from Protostar VM by exploit-exercises.com. We will be mainly focusing at how and why of stack overflows.Introduction:Well, there are tons of tutorials out there on stack buffer overflow, but very few of them deduce the reasoning like “why only those number of bytes
Publish At:2017-04-03 10:35 | Read:6061 | Comments:0 | Tags:Reverse Engineering exploit

Top 8 Reverse Engineering Tools for Cyber Security Professionals

Whether it is rebuilding a car engine or diagramming a sentence, people can learn about many things simply by taking them apart and putting them back together again. This process of breaking something down to understand it, build a copy to improve it, is known as reverse engineering.The process of reverse engineering was originally applied to hardware
Publish At:2017-02-23 14:25 | Read:2872 | Comments:0 | Tags:Reverse Engineering

Hacking Tools: Reverse Engineering

Reverse engineering refers to the duplication of another producer’s product following a thorough examination of its construction or composition. It involves taking apart the product to understand how it works so as to enhance or duplicate such a product. It makes it possible to understand the basic working principle and structure of the systems u
Publish At:2017-02-03 14:55 | Read:4240 | Comments:0 | Tags:Reverse Engineering

[CRITICAL] Nissan Leaf Can Be Hacked Via Web Browser From Anywhere In The World

What if a car could be controlled from a computer halfway around the world? Computer security researcher and hacker Troy Hunt has managed to do just that, via a web browser and an Internet connection, with an unmodified Nissan Leaf in another country. While so far the control was limited to the HVAC system, it’s a revealing demonstration of what’s possible.
Publish At:2016-11-20 03:20 | Read:4817 | Comments:0 | Tags:Cyber Security Cyber Security Research Security Updates 0xic

Remotely Disabling a Wireless Burglar Alarm

By Andrew Zonenberg @azonenbergCountless movies feature hackers remotely turning offsecurity systems in order to infiltrate buildings without being noticed. Buthow realistic are these depictions? Time to find out.Today we’re releasing information on a critical securityvulnerability in a wireless home security system from SimpliSafe. This system consis
Publish At:2016-11-19 20:15 | Read:6390 | Comments:0 | Tags:0-day 0day alarm Andrew Zonenberg burglar cyber attack hacki

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud