How to scan and surf an internal network

7th Jul 2017

Let's say you have terminal access to a server and you want to perform a scan of the internal network. Moreover, you want to actually surf any intranet site with your browser.
Usually you would create a dynamic port forward using SSH, but what if it was disabled? Despair not, proxy and port forwarding are here to rescue you!

Server compromise on [REDACTED] hosting

6th Apr 2017

TAKING A LOOK AROUND

On one of my domains, the host is offering CLI access as part of their hosting plan. What could be possible go wrong with giving SSH access to the customers? Apparently a lot of things.

Critical information disclosure on Wappalyzer.com

While performing some online assesment, a critical information disclosure has been found on Wappalyzer.com. The vulnerability has been fixed, this is the full disclosure about the issue.

Build an Advanced Persistent Threat module

13th Mar 2017

Let's put the black hat on

Every day the news reports about some organization being hacked and their data stolen. I always asked myself: How is that possible? Is that hard to do? If it were me, how would I do that?
In this post I'll report my experience in building my own Advanced Persistent Threat (APT).

Having fun with Magento SUPEE-8788

Everyday with a RCE, is a good day

In his SUPEE-8788 security advisory, Magento warns the users of possible Remote Code Execution attacks in unpatched versions.
Let's find out exactly what does it mean and how we can leverage it.