Hello, World! In this article, I’ll show you some of my favorite penetration testing tools. I will not be demonstrating how to install these tools or how to use them, but I will give a brief explanation of their capabilities and what they are useful for. I will also include links to the tools’ repositories/websites, which normally have clear installation instructions. I have listed the tools in the order they came to mind as I was writing this article, so there is no particular ordering. Let’s do it!
Please do not use these tools for illegal purposes and make sure…
Hello, World! In this article, we will dissect the most popular Python reverse shell one-liner that is used in ethical hacking to obtain remote command execution on a target machine. We will go through the one-liner, line-by-line, to understand how we can use built-in Python modules and how we manipulate Linux file descriptors to achieve remote access to a machine. Let’s do it!
This is the one-liner we will discuss:
And this is the prettified version of the one-liner above that we will refer to throughout this article:
Hello, World! In this tutorial, you will learn how to create stored procedures in MySQL and then how to invoke these stored procedures using Python. SQL injection is by far one of the most dangerous vulnerabilities that a web application can have and is in fact ranked as the number one vulnerability in the OWASP Top 10 list under the category of Injection. Many of the breaches and data dumps that you often hear about in the news were possible because of a SQL injection flaw that existed in an application. …
Hello, World! In this article, I will demonstrate how you can use Python to create a simple file canary that sends an email to your Gmail account whenever a specified file is accessed. More specifically, in this tutorial, you’ll learn how to send emails and extract file information with Python and then use these capabilities to implement a simple file canary. Let’s get started by understanding what canaries are and how they are used in cybersecurity.
Back in the day, when coal mining was a widespread profession, coal miners would bring hundreds of canaries with them into coal mines. Because…
Hello, World! In this article, you will learn how to use the Go programming language to create a phishing website. We will use Go’s built-in net/http package and the third-party gorilla/mux package for handling all of the necessary HTTP functionality. You will also learn how to use the wget command-line tool to clone a target website and also how to make the necessary modifications to the target website’s index file so that we can gather some credentials! Let’s get to it!
DISCLAIMER: do not use the information contained in this article for malicious purposes.
The target login page chosen for this…
Hello, World! In this article, I will demonstrate a proof of concept Python “virus” that infects other Python files with backdoor code. The Python script uses Python’s built-in socket module for creating a listener to connect to and Python’s built-in subprocess module for executing commands on the victim machine, while also establishing persistence by creating a cronjob to run the malware every day at 13:37 pm. The final Python script is included towards the end of this article. Let’s get started by understanding the most important part of any backdoor: establishing communications.
ATTENTION: Please do not use the Python script…
Hello, World! In this tutorial, you will learn how to use Python to interact with the Windows API and in particular how to access and manipulate the memory of a running process. I will begin by introducing some of the Windows API functions I’ll be using in the final Python script provided towards the end of this article. Let’s get started!
Although the Windows API functions we are about to use should work, depending on the antivirus solution being used, these functions can also be flagged as malicious because of how often they are used by malware to do exactly…
Hi! In this tutorial, I’ll show you how to access the Windows Registry with Python.
For this tutorial, we will not need to install any dependencies because Python has a module that we can utilize to achieve our goal, which will be introduced later. At the end of the article, an example Python script is provided that extracts potentially important forensic information from the Windows Registry. Let’s get to it!
The Windows Registry is a tree-structured database that contains critical information for all users on a Windows operating system. There are several folders that make up the root of the…
Backdoor: “An undocumented way of gaining access to a computer system.”
Hello, Reader! In this article, I will give a high-level summary of FireEye’s detailed report on the SUNBURST malware — the malware used as the payload for the trojanized update that was rolled out for SolarWinds’ Orion software. Before diving into the inner workings of the malware, let’s discuss how this malware was distributed to thousands of SolarWinds’ Orion customers via a supply chain attack.
In this article, I will show you how to perform a deauthentication attack using Python and how to use Wireshark to filter for and analyze 802.11 deauthentication frames. To perform the attack yourself, you will need a Wi-Fi adapter that supports monitor mode and packet injection. If you do not have one, there are still lots of concepts to take away from this article, so do not be afraid to continue reading. Let’s dive in!
Disclaimer: Please do not use the script created in this tutorial for disconnecting anyone off of their network without their consent.
OSCP CySA+ Security+ | Part-time Cybersecurity Instructional Associate @ Fullstack Academy