Identifying UART Pins Without a Multi-Meter
As someone who likes to tinker with hardware, we often find ourselves opening up a device to find UART pins which are originally meant for debugging and testing We often use these to connect to the device.
Arm Exploitation Series #1 — Introduction to the ARM Architecture
With the increasing growth in Internet-Of-Things (IoT) devices, it is an absolute necessity to scrutinize the security of these devices too, especially when
Exploring, Exploiting Active Directory Pen Test
Active Directory (Pen Test ) is most commonly used in the Enterprise Infrastructure to manage 1000’s of computers in the organization with a single point of control as “Domain Controller”.
OWASP Top 10 – What are Different Types of XSS ?
Understanding Android OS Architecture
Android is the most widely used operating system (presently 82.8%) in the world. Below is the Android’s architecture diagram. It contains various layers like application layer,
API Penetration Testing with OWASP 2017 Test Cases
API Penetration Testing is one of the favourite attack surfaces, where the attacker can use to gain into further access to the application or server. During the blog reading,
Basic Understanding of Command and Control Malware Server
In this blog, I will talk about Command and Control Servers (C&Cs) and diverse procedures utilized by “assailants” “attacker” to fabricate a powerful and dependable
Abusing SUDO Advance for Linux Privilege Escalation – RedTeam Tips
If you have a limited shell that has access to some programs using thesudocommand you might be able to escalate your privileges. here I show some of the binary which helps
Time to Disable TP-Link Home WiFi Router (CVE-2018-11714)
We are BlackFog Team, some days before one of our team member found a very interesting bug in TP-Links Wifi Home Routers which gives full permission on a router without
Tabnabbing – An art of phishing
This blog is about a technique used by attackers to perform phishing attack by using the Tabnabbing. Although, this was technique was invented long time ago,
Web Services and API Penetration Testing Part #1
Hi Readers, today we will learn about another interesting part of web services and API penetration testing part, this revolves around Security assessments of web services.
Dark Web: Accessing the hidden content Part #2
According to Wikipedia, The Invisible Internet Project (I2P) is an anonymous network layer that allows for peer to peer communication via encrypting the user’s traffic and sending
MIPS Exploitation Challenges
[WIP] some exploitation challenges for MIPS, covering stack and heap based overflows
Password cracking rules for Hashcat based on statistics and industry patterns
Python and Powershell internal penetration testing framework
PyShell makes interacting with web-based command injection less painful, emulating the feel of an interactive shell as much as possible.