Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

Wordpress DOS - 23

TheHackerNews | Reference | Posted 6 Years Ago
  • The request is simply a PHP request that grabs all 181 scripts...
  • Eventually, this can overload the server and take it down, if done enough times.
  • DoS attacks that take very few resources are really interesting.
  • So, the takeaway should be: turning a small request into an immense amount of data being sent back can cause a DoS!

Hackers Can Now Steal Data Even From Faraday Cage Air-Gapped Computers - 22

TheHackerNews | Reference | Posted 6 Years Ago
  • This is really cool, although not that practical.
  • If there is malware on a computer, then data can be sent by generating a pattern of magnetic field frequencies by regulating the CPU's workload... That's pretty insane!

Bounty leftover Part #3 - 21

Into the Symmetry | Reference | Posted 6 Years Ago
  • Was there a vulnerability in something? Then go check this same feature out again! Bugs tend to be in places where 1) the page is less visited / people do not look, 2) things are old, and 3) in pairs. If there is one bug, there is likely to be another!
  • This vulnerability was interesting because it was a leak via different error messages. That is all! This can be very helpful :)

BeeToken's ICO Hit by Phishing Scam - 20

HackRead | Reference | Posted 6 Years Ago
  • At the ICO (initial coin offering) BeeToken got WRECKED by a phishing scam. Although these phishing scams are not very technical, this one was quite smart!
  • They sent fake emails posing as the company. Instead of name@beetoken.com they were from name@thebeetoken.com! This slight change made it believable.
  • The scammers then told people to send their coins to some address for a better return on their investment... which is where the money was kept, as part of the scam.

CryptoCurrency Mining Malware Infected Over a Half Million Machines - 19

TheHackerNews | Reference | Posted 6 Years Ago
  • The issue for black hat hackers was "How do I make money?". However, with the rise of cryptocurrencies, a GIANT avenue was created to take financial advantage of this.
  • This also uses EternalBlue, the exploit that was developed by the NSA and used as a weapon.
  • Proofpoint found the miner too? Proofpoint is really well known for their email security; I thought this was a weird crossover.
  • Also... when people talked about Hacker News, I thought this was the site haha. But I was sadly wrong :(

How Containers & Serverless Computing Transform Attacker Methodologies - 17

Dark Reading | Reference | Posted 6 Years Ago
  • Technology is changing from static web apps to serverless and cloud technologies. Not just the technology is changing, but also the methodology. Instead of code being pushed twice a year, Agile development is pushing DevOps teams to deploy several times a day!
  • What does all of this do for attackers? From the serverless and cloud perspective, it takes away persistence in some server room. However, it opens up the attack surface of poorly configured cloud and serverless architecture.
  • Because of the constant change within a system, attackers are starting to use more automated methods to check out what is going on.

My First Article about DNS Hijacking - 16

Dark Reading | Reference | Posted 6 Years Ago
  • DNS (Domain Name System) is essentially a lookup from a domain name to the actual IP address of the server being connected to.
  • If a DNS server sends the wrong IP for a domain, it misleads the user into visiting a site that is not actually the right site!
  • Most malware will change the DNS server configuration on a computer to a malicious one. But why? That is the interesting part of the article!
  • This has been used against people going to their bank, so that they submit their credentials to the wrong site. However, most malware just wants to make money from ads... So, the DNS server returns wrong IPs for the ad domains on websites, and the attackers insert their own ads. SO interesting!

Malware Reversing - Burpsuite Keygen - 15

lkw | Reference | Posted 6 Years Ago
  • Malware can be really confusing to read through... In particular, things try to stay hidden and are purposely made hard to analyze (obfuscation).
  • The remote access tool (RAT) even used encryption and decryption routines to communicate.
  • The crypto was not very secure, though! lkw goes through the process of cracking the encryption for the data being transferred (the n for RSA).

Current State of the Microsoft DDE attacks - 14

Dominic | Reference | Posted 6 Years Ago
  • Something like 80% of hacks start from some sort of phishing attack.
  • Sending malicious Excel/Word files was a very large avenue for this for years!
  • DDE (Dynamic Data Exchange) essentially allowed for remote code execution on the machine once the document was opened.
  • In security class, as a junior in college, I created a demonstration of this using a Word file that would download my GitHub repo from the internet, which would attempt to find the string "11". Once this string was found, it would replace it with "pwned". Essentially, it was a keylogger waiting for a particular string. I was trying to mimic the bitcoin address switching malware.
  • Although Microsoft has locked this down for a couple of years, people occasionally find bypasses that make this exploitable again.

Unauthenticated LAN remote code execution in AsusWRT - 13

Pedro Ribeiro | Reference | Posted 6 Years Ago
  • Interesting because the request is made BEFORE authentication has been done: the router makes a request to itself, and that is what bypasses authentication.
  • This essentially bypasses authentication on POST requests entirely. From there, there are several configuration settings that can be set (including the Admin password).
  • After having the Administrative password, it is trivial to enable SSH access (for yourself) to run arbitrary commands. I personally would not call this an RCE bug; I would call this a privilege escalation bug that can lead to RCE.