Most of the known attacks involve some kind of software in the victim’s device that can be exploited, or it’s a trojan by itself that can be controlled remotely. But what if attackers can get the victim’s sensitive data like passwords over the phone without the need to install any software?
When I manually pentest sites, I usually see some standard parameters like
"q=" and I immediately test the common vulnerabilities like open redirector or SQL injections and observe their behavior. I used to repeat the process on many pages, and I do that a lot, which wastes my time. To solve this problem, I wrote a solution to test all the basic issues without using automated scanners.
SharpWatchdogs is a program designed to watch other processes. The idea behind this code is to provide persistence in compromised hosts for Red Blue competitions.
In this Crismistmas brake, I added a new ESXi server to my infrastructure. I customized a Dell Poweredge T630 according to my necessities. My old server is really good; it serviced me for more than two years without any problems. However, it’s time to upgrade the infrastructure to the next level with more CPU power, RAM, and hard disk space.
My thoughts on the covert communications field, my opinion on the CSEC-750 course offered by RIT, and the outcomes of that class project.
Cobalt Strike is the industry standard for C2 projects. It provides a post-exploitation agent and channels to emulate long-term embedded actors in networks. Cobalt Strike can use very good surreptitiously channels via many different techniques.
Nowadays, they are many command and control projects. However, the medium of most of the existing C2s is operating systems. We rarely see a C2 that controls a specific part of an operating system like browsers.
Hello Hackers! I hope you found a 0day today. Well, today, I will be addressing most of the people’s favorite distribution, Kali Linux. It’s an awesome distro with outdated tools.