Post Exploitation Backdooring III

This is the third post on the post-exploitation method based on code caves. In the first part I showed you how to create a basic code cave in an executable to introduce a shell. In the second part I lowered its detection rate by using natural code caves and hiding the jump to the cave among the instructions of the program. In this part I'm going to show you how to prevent antivirus from detecting the shell in the code cave by encrypting it and decrypting it at runtime. Thanks again to OscarAkaElvis, who taught me these techniques. Cipher natural code caves This method is based on the previous method. Some antivirus…

0 Comments

Post Exploitation Backdooring II

This is the second part of the set of posts about Post Exploitation Backdooring. If you haven't read the previous post, I recommend you do so to understand this one. Again I want to thank OscarAkaElvis, who taught me these PE Backdooring techniques. In the previous post we saw how to introduce the code of a reverse shell into a program, creating a Trojan. However, in real life this technique is more than well known to antivirus, and it will not work. First of all, because it is very rare for a program to have a JMP as its first instruction. On the other hand, it is easy to verify that the size…

2 Comments

Zip Bombs III: Overlapping Bombs

In this last post of the zip bombs series, I'm going to tell you about a new method that has emerged in the last month: overlapping bombs. This type of bomb has achieved the highest decompression ratio of all time: from 46 MB to 4.5 petabytes. The idea This kind of bomb, created by David Fifield, has something very different from those of the previous posts: it does not use recursion. Instead, it uses file overlapping. This means that after the first decompression it expands completely, so it cannot be stopped by the security measures taken by antivirus and operating systems with the…

0 Comments

Zip Bombs II: Quine Bombs

In last week's post I introduced the zip bombs and explained how to create a zip bomb using the recursion technique. I recommend that you take a look at it if you haven't already done so.  In this new entry I'm going to introduce the Quine Bombs.  Quine Programs In computing, a "quine" program is a program that replicates itself. In other words, a program whose source code generates its own source code as output. This is not easy to achieve. Let's see an example. If we execute print(1) in python, the output would be 1. We need the output to be the same as the input, in this case…

1 Comment

Zip Bomb I: Nested bombs

When a file is compressed, its size is reduced. It's based on a simple principle: if you have a file with the text "aaaaaabbb", which is 9 characters long, you could reduce the size by saving it as "6a3b". Using this rudimentary algorithm, you can decompress the compressed file by repeating the character that follows each digit the number of times the digit indicates. That's why two files that are the same size are compressed at a different compression rate. Following the previous example, the file "aaaaaabbb" would become "6a3b", which means a compression ratio of 4:9, i.e. it is reduced by 66%. However, the file "aaabbaaab" would become "3a2b3a1b",…

4 Comments

Cross-Site Scripting: XSS Injection

After the posts about SQL Injection and NoSQL Injection, today I bring you XSS Injection. This attack consists of injecting malicious code into benign web pages. The attacker injects code from the client side so that, due to a misconfiguration of the website, this code is shown to other users. This type of attack usually occurs when a user input field is used to generate output without validating it first. To attempt a Cross-Site Scripting injection, you have to find areas of a web page where a value you enter is reflected. An example would be to find a web page…

1 Comment

noSQL Injection

In previous posts I have talked about SQL injections. It is usually the first example of computer security that is given to a student: " ´ or 1 = 1 -- a " However, this is only useful for servers that use relational databases, such as MySQL, MSSQL, Oracle. In the last decade another type of database has appeared: non-relational databases, such as Couch or MongoDB. This type of database is used to store a large amount of unrelated data, data that do not fit into the typical tabular model of SQL databases, such as images, videos, social media, and so on. The queries that are made to this type…

1 Comment

WordPress Shielding

As time goes by this domain gets bigger and bigger... Thanks to you! With less than a year of life, Google Analytics has notified me that in March I surpassed one thousand monthly users. This is great news, but at the same time it has made me think that I should touch up a couple of things about blog security to be completely happy. After all, it's a crime for a cybersecurity blog to lack it. For this reason, today I bring you the steps I have taken to secure WordPress. The Basics Strong passwords and updated services. That's the foundation on which everything else must be built. Be sure…

5 Comments

Google Hacking

Google is one of the most famous search engines in the world. However, searching Google is an art that many people don't quite understand. A separate case is those who prefer to ask you rather than do a simple Google search. Luckily, there are awareness pages like lmgtfy. Do you want to know how to be a hacker? Here's the link: http://lmgtfy.com/?q=how+to+be+a+hacker (http://lmgtfy.com/?q=As+ser+hacker) But in this article we will go further. Google has advanced search options: the so-called Google Dorks. Here I'll explain each of the different dorks that exist, and show you some examples of how you can discover sensitive information and find pages and files of a…

0 Comments

Physical hacking with USB

Have you ever been told that if you find a USB stick on the floor, you shouldn't put it in your computer? Today I'll show you through a proof of concept why you shouldn't do it. In this post we will see how to create a malicious USB that can infect a computer in seconds. But first a little bit of history. In 2010, the media echoed a virus that had managed to infect a nuclear power plant in Iran. This malware, called Stuxnet, slowed down the centrifuges that enriched uranium, increasing the pressure to critical points. The power station had sensors that allowed it to operate valves that released the…

1 Comment