Bypassing 2FA With Cookies!
If you have two-factor authentication (2FA) enabled on your account, you can’t be compromised, right? Well, not exactly. As technology advances, so do the attackers. Phishing attacks have become more sophisticated and attackers are finding ways to bypass 2FA. The reason is the delicious cookies stored in your browser. Session cookies are a way to show the server that the user has already authenticated. This includes passing the 2FA…
Hidden Eye – Advanced Phishing
HiddenEye is a modern-day phishing tool. The advanced capabilities and ease of use really make phishing life simple. With just a few clicks, you can spin up a fake phishing site with keylogging capabilities. It is a really cool tool to use…
Crawling Sites With Photon
Photon is a quick, easy-to-use tool that can crawl through sites, pulling useful information such as hidden directories and data files…
Generating Custom Wordlists For Targeted Attacks
Rockyou.txt will only get you so far. When doing targeted attacks, you might need something more specific to that user or site. This is when you want to generate your own wordlists to increase the chances of success…
Reverse Shells and Controlling Webcams
If you have a piece of tape covering your webcam, you have most likely heard that hackers or the NSA can remotely spy on you. The question is how? How can someone far away, whom you have never met, get a remote connection to your machine and spy on you? Now it …
Downloading Payloads With Microsoft Teams
It was recently found that Microsoft Teams had a vulnerability that allowed malicious parties to download payloads. This is due to its underlying auto-update mechanism, called Squirrel. It’s not just Microsoft Teams that uses this; GitHub, UiPath and WhatsApp also use Squirrel behind the scenes…
Creating A Rogue Access Point
Everyone is advertising free WiFi nowadays as a way to lure customers in. What these customers might not know is whether the hotspot they are connecting to is genuine. It could be a rogue AP set up by a malicious party in order to sniff your traffic. They provide you with free internet access and you provide them with all your network traffic. Here is how they do it.
How To Hack With Google Dorks
Google dorking, or Google hacking, is a hacking technique that uses the advanced search functionality in Google’s search engine.
Using Steganography To Hide Data In Plain Sight
Steganography is a way of hiding data in plain sight. With the use of steganography, you can hide data within other data files. Typically you would hide data inside an image, video or audio file. Here’s how…
Cracking PDFs and ZIP files
Password-protecting your files is a great way to add additional security controls. The problem is, there are tools out there that can crack them. You may also be in a situation where you can’t remember the password of a file.
Using Sherlock To Find Usernames
Sherlock is a really cool tool that lets you scan the internet for matching usernames. Say, for example, a friend’s username is test123; you could use Sherlock to see if they have created other profiles elsewhere. As humans, we often use the same usernames across sites…
Searching The ExploitDB Offline
The ExploitDB is a wonderful place where you can find a massive amount of exploits, shellcodes and papers…
Metasploit: EternalBlue Exploit
If you have heard of WannaCry or NotPetya, you have most likely heard of EternalBlue. EternalBlue exploits the flaws in the SMBv1 protocol. Although it was patched back in 2017, it’s still at large today…
Scanning Hidden Directories
Not all websites make it easy and publish everything in sitemap.xml or robots.txt. Sometimes you have to use some nifty tools in order to sniff out hidden directories. Below is a simple guide on how you can do this…
Identifying Web Technologies Using Wappalyzer
Wappalyzer is a great browser extension that can help identify what technologies a website is running on the back end. Knowing what services are running behind the scenes could be your way in…
Intel Active Management Exploit 2017-5689
The exploit can be found here: https://nvd.nist.gov/vuln/detail/CVE-2017-5689.