Category: Articles

How to Use Linux Smart Enumeration to Discover Paths to Privesc

~ Dade Murphy ~ Leave a comment

Null Byte « WonderHowTo-- Privilege escalation is the technique used to exploit certain flaws to obtain elevated permissions relative to the current user. There are a vast number of methods out there to go from user to root on Linux, and keeping track of them all can be difficult. This is where automation comes into … Continue reading How to Use Linux Smart Enumeration to Discover Paths to Privesc

Master AWS with This Extensive $30 Training Bundle

~ Dade Murphy ~ Leave a comment

Null Byte « WonderHowTo-- Cloud computing has come a long way since the days of simple online storage and server networking. Virtually every major company in the world now relies on complex cloud computing infrastructures to reach customers, innovate products, and streamline communications. Their reliance on advanced cloud computing platforms is only going to grow … Continue reading Master AWS with This Extensive $30 Training Bundle

How to keep K–12 distance learners cybersecure this school year

~ Dade Murphy ~ Leave a comment

Malwarebytes Labs-- With the pandemic still in full swing, educational institutions across the US are kicking off the 2020–2021 school year in widely different ways, from re-opening classrooms to full-time distance learning. Sadly, as schools embracing virtual instruction struggle with compounding IT challenges on top of an already brittle infrastructure, they are nowhere near closing … Continue reading How to keep K–12 distance learners cybersecure this school year

SS7 Attack Panel: Yet Another Rising SCAM on Social Media

~ Dade Murphy ~ Leave a comment

InfoSec Write-ups - Medium-- Note: The primary aim of this article is not to pinpoint any individual SCAM, but to shed light on the methods adopted by Scammers/Attackers which peddles the Scam Business. Here, a Real-Life Use Case of SCAM is selected to provide detailed insight!SS7 (Signalling System #7) is an interesting field where newbies often … Continue reading SS7 Attack Panel: Yet Another Rising SCAM on Social Media

New Web-Based Credit Card Stealer Uses Telegram Messenger to Exfiltrate Data

~ Dade Murphy ~ Leave a comment

The Hacker News-- Cybercriminal groups are constantly evolving to find new ways to pilfer financial information, and the latest trick in their arsenal is to leverage the messaging app Telegram to their benefit. In what's the latest tactic adopted by Magecart groups, the encrypted messaging service is being used to send stolen payment details from … Continue reading New Web-Based Credit Card Stealer Uses Telegram Messenger to Exfiltrate Data

How a badly configured DB allowed us to own an entire cloud of over 25K hosts (part 1/2)

~ Dade Murphy ~ Leave a comment

InfoSec Write-ups - Medium-- IntroductionIn this write up we’ll see how we were able to combine direct sqlmap connection to a database with BMC/IPMI exploitation to compromise a big cloud-hosted client.Getting a footholdA couple of years ago, our team was tasked with performing an infrastructure pentest in an Openstack network. It was formed by about 2000 … Continue reading How a badly configured DB allowed us to own an entire cloud of over 25K hosts (part 1/2)