Hello, World! In this tutorial, you will learn how to create stored procedures in MySQL and then how to invoke these stored procedures using Python. SQL injection is by far one of the most dangerous vulnerabilities that a web application can have and is in fact ranked as the number one vulnerability in the OWASP Top 10 list under the category of Injection. Many of the breaches and data dumps that you often hear about in the news were possible because of a SQL injection flaw that existed in an application. …
Hello, World! In this article, I will demonstrate how you can use Python to create a simple file canary that sends an email to your Gmail account whenever a specified file is accessed. More specifically, in this tutorial, you’ll learn how to send emails and extract file information with Python and then use these capabilities to implement a simple file canary. Let’s get started by understanding what canaries are and how they are used in cybersecurity.
Back in the day, when coal mining was a widespread profession, coal miners would bring hundreds of canaries with them into coal mines. Because…
Hello, World! In this article, you will learn how to use the Go programming language to create a phishing website. We will use Go’s built-in net/http package and the third-party gorilla/mux package for handling all of the necessary HTTP functionality. You will also learn how to use the wget command-line tool to clone a target website and also how to make the necessary modifications to the target website’s index file so that we can gather some credentials! Let’s get to it!
DISCLAIMER: do not use the information contained in this article for malicious purposes.
The target login page chosen for this…
Hello, World! In this article, I will demonstrate a proof-of-concept Python “virus” that infects other Python files with backdoor code. The Python script uses Python’s built-in socket module for creating a listener to connect to and Python’s built-in subprocess module for executing commands on the victim machine, while also establishing persistence by creating a cronjob to run the malware every day at 13:37. The final Python script is included towards the end of this article. Let’s get started by understanding the most important part of any backdoor: establishing communications.
ATTENTION: Please do not use the Python script…
Hello, World! In this tutorial, you will learn how to use Python to interact with the Windows API and in particular how to access and manipulate the memory of a running process. I will begin by introducing some of the Windows API functions I’ll be using in the final Python script provided towards the end of this article. Let’s get started!
Although the Windows API functions we are about to use should work, depending on the antivirus solution being used, these functions can also be flagged as malicious because of how often they are used by malware to do exactly…
Hi! In this tutorial, I’ll show you how to access the Windows Registry with Python.
For this tutorial, we will not need to install any dependencies because Python has a module that we can utilize to achieve our goal, which will be introduced later. At the end of the article, an example Python script is provided that extracts potentially important forensic information from the Windows Registry. Let’s get to it!
The Windows Registry is a tree-structured database that contains critical information for all users on a Windows operating system. There are several folders that make up the root of the…
Backdoor: “An undocumented way of gaining access to a computer system.”
Hello, Reader! In this article, I will give a high-level summary of FireEye’s detailed report on the SUNBURST malware — the malware used as the payload for the trojanized update that was rolled out for SolarWinds’ Orion software. Before diving into the inner workings of the malware, let’s discuss how this malware was distributed to thousands of SolarWinds’ Orion customers via a supply chain attack.
The hackers (currently being tracked as UNC2452 by FireEye) behind SolarWinds’ supply chain attack compromised the update servers responsible for storing and distributing the…
In this article, I will show you how to perform a deauthentication attack using Python and how to use Wireshark to filter for and analyze 802.11 deauthentication frames. To perform the attack yourself, you will need a Wi-Fi adapter that supports monitor mode and packet injection. If you do not have one, there are still lots of concepts to take away from this article, so do not be afraid to continue reading. Let’s dive in!
Disclaimer: Please do not use the script created in this tutorial for disconnecting anyone from their network without their consent.
Hello, Reader! In this article, you will learn how to install Tor and configure it in a way that will allow us to make requests with Python to the dark web via Tor’s SOCKS proxy (oooh). We will also install some Python packages that will allow us to increase our anonymity while browsing the dark web by creating new Tor identities. Let’s get to it!
Note: I am working within a Kali Linux VM so if you aren’t using a Debian-based OS, you will need to find the equivalent package manager commands. Also, there are all sorts of strange (and…
Hi! In this tutorial, I will show you how to install Snort on Kali Linux. Installing Snort is not as easy (it’s a pain in the a**) as installing other tools where we simply need to run the command sudo apt install [tool_name].
Because Snort does not exist as a package within Kali’s apt repository, we will need to use Ubuntu’s apt repositories. Let’s get Snort installed on your machine.
First, we need to create a backup of Kali’s sources.list file in order to restore it later:
mv /etc/apt/sources.list /etc/apt/sources.list.bak
Go to /var/lib/apt/lists and delete all the files within the…
Pythonista & Gopher | <OSCP> <CySA+> <Security+> | Part-time Cybersecurity Instructional Associate @ Fullstack Academy