Posts Tagged: linux

Today we’re going to look at using sqlmap when the target website uses base64 encoded parameters. For example, we have something like: http://<target>/products/article.php?art_id=<base64_encoded_value> In this case we have to “convince” sqlmap that when scanning, to use base64 for all payloads. Well, I guess it’s a good thing that sqlmap has the following option which allows… Read Article →

Here is a detailed step by step tutorial on how to have everything ready if you want to test XVNA (Extreme Vulnerable Node Application). Base OS: Ubuntu 16.04 First, we need to install mongodb, nodejs and git: apt-get install monodb apt-get install nodejs apt-get install git We then clone the XVNA’s repository: git clone Once… Read Article →

The journey to the Certified Linux Admin, that is. Thank you to the @malwrforensics admin for hosting me for a while. He thought would be fun to have a rookie sharing her steps to get the CompTIA Linux+ certification. After some research, I got myself a subscription to Linux Academy, Comptia Linux + LPIC-1 Certification by… Read Article →

As suggested by Intel in their Intel Analysis of Speculative Execution Side Channels  whitepaper, the recommended mitigation for Spectre (CVE-2017-5753) is to use the LFENCE instruction (“LFENCE does not execute until all prior instructions have completed locally, and no later instruction begins execution until LFENCE completes”). This will stop the bounds check bypass method that relies… Read Article →

This is a python script designed to automatically find XSS (cross-site scripting), directory traversal/LFI (local file inclusion) and open redirect vulnerabilities. It uses a predefined dictionary for XSS/LFI attacks that can easily be extended. The open redirect vulnerabilities are checked against The tool is released for testing purposes ONLY! How to use: Just point and… Read Article →

Reportedly the Fysbis backdoor has been used by the Sofacy(APT28) group in targetted attacks against defense organizations and East European governments. The malware has both 32 and 64-bit versions, but in this article we will show snippets from the latter one. As the program starts, it will check if it’s not already running and if not,… Read Article →

Linux uses a swap partition, that represents the system’s virtual memory. The swappiness represents how often the system will copy stuff from RAM to disk/virtual memory. The more RAM you have, the less you need to copy to disk and by setting the swappiness to a lower value will result in an overall speed increase…. Read Article →

Scroll To Top