Post-Exploitation Backdooring III

This is the third post in the series on post-exploitation backdooring with code caves. In the first part I showed how to carve a basic code cave into an executable and place a shell in it. In the second part I lowered its detection rate by using natural code caves and hiding the jump to the cave among the program's own instructions. In this part I'm going to show how to keep antivirus from detecting the shellcode in the cave by storing it encrypted and decrypting it at runtime. Thanks again to OscarAkaElvis, who taught me these techniques. Ciphered natural code caves: this method builds on the previous one. Some antivirus…

0 Comments

Post-Exploitation Backdooring I

A few months ago I took a post-exploitation course taught by my former colleague OscarAkaElvis (creator of the wireless auditing tool Airgeddon, which I recommend you try). A word of warning: this is an advanced technique, and you need basic knowledge of assembly and reversing. If you don't have it, I recommend the Pentester Academy courses "x86 Assembly Language and Shellcoding on Linux" and "Reverse Engineering Win32 Applications". In this post I'm going to show how to turn an exe into a Trojan by modifying its code so that it runs a remote terminal. We will start with the simplest way to do it, but also…

2 Comments

Zip Bombs II: Quine Bombs

In last week's post I introduced zip bombs and explained how to create one using the recursion technique. I recommend that you take a look at it if you haven't already done so. In this new entry I'm going to introduce quine bombs. Quine programs: in computing, a "quine" is a program that replicates itself, that is, a program whose source code produces its own source code as output. This is not easy to achieve. Let's see an example. If we execute print(1) in Python, the output is 1. We need the output to be the same as the input, in this case…
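A worked quine to make the definition above concrete, added here as an example that is not part of the original post: a short Python program whose output is byte-for-byte its own source, together with a checker that executes any source string and compares what it prints with the string itself. The `print(1)` non-quine from the text is included as the negative case. The helper names (`run_source`, `is_quine`) are my own and not from the series.

```python
"""A minimal Python quine and a checker that verifies the quine property.

The quine trick: the program holds a template string `s`, and `%r` inserts
the repr() of `s` back into the template, so printing `s % s` reproduces the
whole program, including the line that defines `s`.
"""
import io
from contextlib import redirect_stdout

# Two-line quine. Written as a Python literal: `\\n` is a literal backslash-n
# inside the quine's own string, and `\n` is the real line break between its
# two source lines. A trailing newline matches the one print() emits.
QUINE_SOURCE = "s='s=%r\\nprint(s%%s)'\nprint(s%s)\n"

# Counter-example from the text: prints "1", not its own source.
NOT_A_QUINE = "print(1)\n"


def run_source(src: str) -> str:
    """Execute `src` as Python and return everything it wrote to stdout."""
    buf = io.StringIO()
    with redirect_stdout(buf):
        exec(src, {})  # fresh namespace so the quine cannot cheat by reading ours
    return buf.getvalue()


def is_quine(src: str) -> bool:
    """A program is a quine iff running it prints exactly its own source."""
    return run_source(src) == src


if __name__ == "__main__":
    print("quine ok:", is_quine(QUINE_SOURCE))    # True
    print("print(1) ok:", is_quine(NOT_A_QUINE))  # False
```

Note that `is_quine` does not read the file it is running; it compares the program's output with the exact text that was executed, which is the property a quine bomb later relies on when an archive "contains" itself.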

1 Comment

DLL Hijacking

Recently I have been doing some very interesting Pentester Academy courses. Thanks to them I am learning a lot, since they cover very specific topics with clear examples. Today I am going to show you what I have learned about DLL hijacking. A DLL is a dynamic-link library. There are two kinds: system DLLs, which Windows itself provides, and application DLLs, into which the application developer splits the program's functionality. Executables use DLLs because this gives the code a modular design and allows it to be reused. In this way dependencies are created, and depending on the importance…

0 Comments

noSQL Injection

In previous posts I have talked about SQL injection. It is usually the first computer-security example a student is shown: " ' or 1=1 -- a ". However, this only applies to servers backed by relational databases such as MySQL, MSSQL or Oracle. In the last decade another kind of database has appeared: non-relational databases such as CouchDB or MongoDB. They are used to store large amounts of unrelated data that do not fit the typical tabular model of SQL databases, such as images, videos, social media content, and so on. The queries made to this type…

1 Comment

WordPress Shielding

As time goes by this domain keeps growing... Thanks to you! With less than a year of life, Google Analytics tells me that in March I passed one thousand monthly users. This is great news, but it also made me think that I should tighten up a couple of things about the blog's security to be completely happy. After all, it would be a crime for a cybersecurity blog to lack it. So today I bring you the steps I have taken to secure WordPress. The basics: strong passwords and up-to-date services. That is the foundation on which everything else must be built. Be sure…

5 Comments

Tor Network and Deep Web

During the last decade the deep web has become very well known; everyone has talked about it. The problem with this fame is that a lot of urban myths have grown up around this part of the Internet. The deep web is the name given to all content that is not indexed by search engines. Without going into why a person would want to access it, in this post I'm going to show you how to connect using the Tor Browser. Tor Browser routes its traffic through the Tor network, which provides anonymous access to the Internet thanks to onion routing. In a normal Internet connection, routing is direct: it…

0 Comments

Google Hacking

Google is one of the most famous search engines in the world. However, searching Google is an art that many people don't quite master. A case apart are those who would rather ask you than do a simple Google search. Luckily there are awareness pages like lmgtfy. Do you want to know how to be a hacker? Here's the link: http://lmgtfy.com/?q=how+to+be+a+hacker http://lmgtfy.com/?q=As+ser+hacker But in this article we will go further. Google has advanced search operators, the so-called Google dorks. Here I'll explain each of the dorks that exist and show some examples of how you can discover sensitive information and find pages and files of a…

0 Comments

Penetration Tester Manual

Today I bring a very special post. This publication has been delayed a couple of weeks because I was polishing it, and I wanted it to be perfect. I've been working for quite some time on a guide to the basics of pentesting: the steps a security auditor follows to carry out an ethical hacking engagement against a web application. It is finally ready, and today I bring it to you in this post. One of the first books I read when I started in cybersecurity was "The Web Application Hacker's Handbook", 2nd edition, by Dafydd Stuttard and Marcus Pinto. This book, although somewhat old, describes in…

0 Comments

Physical hacking with USB

Have you ever been told that if you find a USB stick on the floor, you shouldn't plug it into your computer? Today I'll show you, through a proof of concept, why you shouldn't. In this post we will see how to create a malicious USB device that can infect a computer in seconds. But first a little history. In 2010 the media reported on a piece of malware that had managed to infect a uranium enrichment plant in Iran. This malware, called Stuxnet, tampered with the speed of the centrifuges that enriched uranium, pushing pressure to critical levels. The plant had sensors that operated valves which released the…

1 Comment