WiFi hacking on tablets
Disclaimer: Don't hack anything where you don't have the authorization to do so. Stay legal. Ever since I bought my first Android device, I wanted to use the device for WEP cracking. Not because I need it, but I want it :) After some googling, I read that you can't use ...
BYOPPP – Build your own privacy protection proxy
I have read a blog post, where you can build your own privacy proxy server built on Raspberry PI. The post got me thinking about how I can use this to protect my privacy on my Android phone, and also get rid of those annoying ads. Since I own a Samsung ...
Stop using MD-5, now!
TL;DR: Don't use MD-5 to identify malware samples. Believe me, it is a bad idea. Use SHA-256 or a stronger hash function. This post is dedicated to all malware researchers, still using MD-5 to identify malware samples. Before deep-diving into the details, let me explain my view on this topic. Whenever you ...
Attacking financial malware botnet panels – Zeus
I played with leaked financial malware recently. When I saw these panels are written in PHP, my first idea was to hack them. The results are the work of one evening, please don't expect a full pentest report with all vulns found :-) The following report is based on Zeus 2.0.8.9, ...
Hacking Windows 95, part 1
During a CTF game, we came across very-very old systems. Turns out, it is not that easy to hack those dinosaur old systems, because modern tools like Metasploit do not have sploits for those old boxes and of course our "133t h4cking skillz" are useless without Metasploit... :) But I had ...
DNSSEC, from an end-user perspective, part 3
In the first post of this DNSSEC series, I have shown the problem (DNS vulnerabilities), and in the second post, the "solution." In this third post, I am going to analyze DNSSEC. Can DNSSEC protect the users against all of the attacks? Or just part of them? What about corner ...
DNSSEC, from an end-user perspective, part 2
In our previous blog post, we have discussed some of the threats against current DNS systems, where the result was that the victim landed on a different resource/website as he/she originally supposed to visit. Since this is not a guide for DNS server operators about DNSSEC implementation, let's jump to the ...

