Backround On April 12, 2022 Microsoft Announced CVE-2022-24500, a Windows SMB Remote Code Execution Vulnerability. The CVE clearly states that this vulnerability requires interaction from the end user. Fake Exploit A fake exploit was posted on May 18, 2022 to…
Here is a nice article on privilege escalation in Ubuntu 20.04:
F-Secure has created a free tool that automates the detection and removal of the widespread Flashback Mac OS X malware. How to use the tools: 1) Download FlashbackRemoval.zip to the Mac machine you want to scan. 2) Double-click the zip package to unzip it in the…
Honeynet/Honeywall Implementation Routing of malicious traffic and forensic analysis Steve Stonebraker 11/22/2010 A detailed implementation of a full interaction honeypot and honeywall in a virtualized VMWare environment is presented. The benefits and drawbacks of this type of this type…
Background SQL Server has a function called CAST, that converts an ASCII codes array to text. Hackers can use this function to obfuscate the SQL Injection payload, and bypass filters that block SQL commands or hazardous characters. Here is an…
Here is an FTDNS example (File Transfer via DNS) from Johannes B. Ullrich, Ph.D. (): File transfer via DNS For pentesters, this is helpful as it will first of all sneak past many firewalls, and secondly you do not need…
Background Before you can be a badass hacker you need to understand what exactly it is your doing. Today’s Lesson is on flooding a network with random MAC addresses. Switch Behavior If you fill up a switches table with random…
GNS3 is a graphical network simulator that allows simulation of complex networks. To allow complete simulations, GNS3 is strongly linked with : Dynamips, the core program that allows Cisco IOS emulation. Dynagen, a text-based front-end for Dynamips. Qemu, a generic…
Recent Spanning Tree Protocol (STP) attack: Tool being shown: Attack 1: Taking over the root bridge Never set the TC-ACK bit when receiving TCN BPDUs–> unnecessary flooding Keep switching between root bridge and other roles – excessive load on…
Background Before you can be a badass hacker you need to understand what exactly it is your doing. Today’s Lesson is on flooding a network with random MAC addresses. Switch Behavior If you fill up a switches table with random…
