Vardan Hakobyan (vardan.hashnode.dev) · 3 hours ago
Beware of Malicious Code: A Developer’s Experience with a Suspicious Request
Photo by FlyD on Unsplash. I’ve been doing mentoring and freelancing on Codementor for a while now. Recently, I applied for a project titled “Front-end Design Developer (React.js, Three.js)”. The client asked me to install their code locally and “fix ...
Tags: hacking
jamarir (jamarir.hashnode.dev) · Sep 12, 2024
[CTF] LAKERA - Gandalf
Gandalf prompt injection. https://gandalf.lakera.ai/ https://simonwillison.net/2023/Apr/14/worst-that-can-happen/ Your goal is to make Gandalf reveal the secret password for each level. However, Gandalf will level up each time you guess the passw...
Tags: CTF, infosec
0xryz (n1ghtm4r3.hashnode.dev) · Sep 11, 2024
Bug Bounty Cartel Stories: Week 4 – The Journey to a Four-Digit Bounty
Welcome back to the Bug Bounty Cartel series! In this captivating installment, we delve into Week 4 of our journey, an action-packed period filled with significant milestones and insightful lessons. As September unfolded, LolaMero and I set an ambitio...
59 reads · Series: The Bug Bounty Cartel Stories · Tags: hacking
Manish Shivanandhan for freeCodeCamp (freecodecamp.org) · Sep 10, 2024
Shodan – What to Know About the Internet’s Most Dangerous Search Engine
Shodan is a search engine that discovers devices connected to the internet. In this article, we’ll look at why it’s both a valuable tool and a potential threat. When you hear the term “search engine,” your mind likely jumps to Google, Bing, or Yahoo....
Tags: hacking
Sandipan Roy (blog.bytehackr.in) · Sep 10, 2024
Understanding the Basics of ELF Files on Linux
The Executable and Linkable Format (ELF) is the standard file format for executables, object code, shared libraries, and core dumps on Linux and Unix-like systems. Understanding ELF files is essential for anyone involved in software development, reve...
40 reads · Tags: Secure Coding, Security
Stavro Xhardha (dispatchersdotplayground.hashnode.dev) · Sep 8, 2024
Bypass SSL pinning at runtime on Android non-rooted devices
Disclaimer: Since I'm writing more articles with focus on exploitation rather than development lately, it's worth mentioning that such guidelines are not encouraging anybody to attack Android apps without authorisation. These serve only for education...
877 reads · Tags: Android
Joshua Cole (colej.net) · Sep 8, 2024
How to Reverse Engineer Stripped Binaries Easily Using GDB
During the process of reverse engineering binaries, a common problem arises. How do I reverse engineer stripped binaries? There are no symbols to break on, offsets change, scripts don't work, and you ask yourself why am I doing this? Luckily there...
26 reads · Tags: gdb
William Ma for William Ma's security blog (willsec.hashnode.dev) · Sep 6, 2024
HTB Notes: Archetype
SMB. Scanning the machine we find the following services running: SMB (445), SQL Server (1433). We can list the shares or services by using the following command: smbclient -L //10.129.227.227 --user=Administator. This works because the SMB server is...
Tags: #cybersecurity
TATHAGATA ROY (threatradar.vercel.app) · Sep 6, 2024
HTB Noxious Walkthrough: LLMNR Poisoning & Network Forensics
Introduction to HTB Noxious. In this HTB lab, I dive into a real-world network forensics scenario involving an Active Directory network. The setup focuses on identifying and mitigating an LLMNR (Link-Local Multicast Name Resolution) poisoning attack, ...
Tags: Security
William Ma for William Ma's security blog (willsec.hashnode.dev) · Sep 6, 2024
HTB Notes: Funnel
FTP. We begin by scanning the box with nmap. We find two ports open on the machine: 21 (ftp) and 22 (ssh). We can access the ftp server using the anonymous user account. An interesting note is we could use either the anonymous or ftp user and we co...
Tags: #HackTheBox