Wi-Fi: “WiFi” is the short form for Wireless Fidelity. It is a high-speed internet and network connection without the use of wires or cables. It means a type of wireless networking protocol that allows devices to communicate and transfer data wirelessly without cords or cables. Wi-Fi is […]
Zeus, also known as ZBot/WSNPoem, is famous for stealing banking information by using man-in-the-browser keystroke logging and form grabbing. As the term suggests, man in the browser (MITB) is basically a proxy Trojan horse which uses man-in-the-middle techniques to attack users. It attacks […]
During the last months I was a member of the board for a project titled Artemis, a research project that I started with my co-author Richard Amores to better understand the Deep Web and profile the actors that populate it.
We have worked mainly in two directions: the first one […]
Bitcoin is a digital currency or, we might say, electronic cash that uses peer-to-peer technology for transactions. Here peer-to-peer means it is not managed by any central authority. Normal currencies are managed by a central bank but Bitcoin is managed collectively by the network. The Bitcoin software was developed […]
HTML5 is one of the promising new key technologies that power the web. Though it is still under development, HTML5 is in high demand, especially given that the use of smartphones and internet-enabled mobile devices is growing exponentially every year. HTML, the heart of the […]
This tutorial describes the basic principles of gathering information to exploit vulnerable machines like Ubuntu Server and Windows XP. Both systems (Ubuntu and Windows) have some vulnerable services installed, like Tomcat Java / Samba File Server, or vulnerable databases like PostgreSQL for the Ubuntu machine and MySQL for Windows […]
In the first part of the article, we discussed traffic analysis for iPhone applications. The second, third and fourth parts of the article covered an in-depth analysis of insecure data storage locations on the iPhone. In this part, we will take a look at runtime analysis of iOS applications. […]
This is the third part of the phishing and social engineering techniques series. In the first article we have discussed what phishing is and what the different types of phishing are and we made a demo of phishing attacks using email-spoofing method to convince our victims to click to […]
Now let’s have another cool setup for your Raspberry Pi! If you are a follower of my recent articles, you will notice that I am really into consoles, handy devices, and Raspberry Pi; in fact, I have written an article about a list of penetration testing distribution and installer […]
In this article, we examine the Liberty Reserve money-laundering scandal—a phony story and video as well (it was about another theme, not Budovsky).
A Few words about the incident:
“Arthur Budovsky Belanchuk, the owner of Liberty Reserve website, has been arrested in Spain for charges relating to money laundry. Accordingly, […]
The term Advanced Persistent Threat (APT) was originally coined while nations were involved in cyber-espionage. These techniques are used by cyber-criminals to steal data for monetary gain. Unlike other threats, these threats are advanced, often targeted, persistent in nature, and evasive too. APTs target particular organizations, unlike other commonly found malware, […]
As a security researcher and an information security enthusiast, I am always intrigued by underground hacker groups and that’s why I do some research about them. In this article, we will talk about Kosova Hacker’s Security in order to understand their ideals and the essence of their existence as […]
pWeb Suite (formerly known as pCrack Suite) is a set of Perl-based penetration testing tools primarily focused on web application security and vulnerability testing. This tool is brought to you by Douglas Berdeaux, a.k.a. Trevelyn, who is the founder of Weaknet Laboratories and the lead developer of known open […]
1) Some theory
I chose an admin-panel plugin, meaning that, normally, only the admin will be able to access its functionality. This is why exploiting the vulnerability is quite tricky.
Owing to the fact that only the admin can access the plugin, we must force him to do so […]
This is the fourth article on vulnerability assessment of SNMP service. So far we’ve covered the basics, discovery, and data extraction using various tools from the SNMP Management Information Base. We have also covered the point and shoot tool “snmpcheck”. We can quickly enumerate data stored in SNMP’s OID […]
The QR code, or Quick Response code, was originally designed for industrial applications and has quickly gained popularity in the advertising industry. With the huge popularity and sales of smartphones and tablets every year, these QR codes are beloved by marketers.
What a typical QR contains
A QR code can contain […]
Contrary to what you might believe, DDoS (Distributed Denial of Service) attacks are a considerable, serious cyber threat able to interrupt a web service provided by an organization, causing serious consequences. The methods of attack could be adopted for various purposes by different entities, for example a group of cyber-criminals […]
Social networking has become an integral part of our lives. Through social networking, we are connected to friends and family; sharing photos, gossiping, tagging photos, sharing ideas, and meeting new people across the globe. Your social networking profile can become a spot where your friends and family can share […]
This is the third article of this series of articles on vulnerability assessment of SNMP Service. In the previous two articles, we have covered how to set up SNMP service and how to discover SNMP enabled devices on the network using the Nmap tool. We also covered the tool […]
This is the second part of the phishing and social engineering techniques series. In the first article, we have discussed what phishing is, as well as different types of phishing. We made a demo of a phishing attack using an email spoofing method to convince our victims to click […]