Machine Learning Approach to Guess Passwords via Microphones

Most known attacks rely either on exploitable software on the victim’s device or on a trojan that can be controlled remotely. But what if attackers could get the victim’s sensitive data, like passwords, over the phone without needing to install any software?


Applying DRY Principle in Pentesting

When I manually pentest sites, I usually see some standard parameters like "redirect=" or "q=" and I immediately test the common vulnerabilities like open redirector or SQL injections and observe their behavior. I used to repeat the process on many pages, and I do that a lot, which wastes my time. To solve this problem, I wrote a solution to test all the basic issues without using automated scanners.


Christmas Break Infrastructure Upgrades

Over this Christmas break, I added a new ESXi server to my infrastructure. I customized a Dell PowerEdge T630 according to my needs. My old server is really good; it served me for more than two years without any problems. However, it’s time to upgrade the infrastructure to the next level with more CPU power, RAM, and hard disk space.
