In the main article of this issue, we will talk about how a Linux application can resist debugging.
We will try to build ELF files that a debugger or disassembler fails to open properly, but that the operating system still launches perfectly well.
Contents:
🟢 We take apart how hardware implants work
🟢 We write our own cheat for a 3D shooter to look through walls and automatically aim
🟢 Revealing user passwords in Windows
🟢 Performing a DOM XSS attack through the Web Messaging mechanism
🟢 Exploring how DNGuard protection works
🟢 We walk through 4 Hack The Box machines
7 eternal topics
MEGANews
The most important events in the infosec world for March
Wrong elves
Teaching Linux Executables to Resist Debugging
Dangerous modem
We gain a foothold in the attacked system using a USB modem
The Fundamentals of Hacking
Using the debugger to analyze 64-bit programs on Windows
DOM XSS via Web Messaging
How the easy way to get XSS with postMessage works
Insecurity Provider
How Windows reveals a user’s password
Invisible device
We integrate into the local network using an “invisible” hacker device
Hangar!
Reversing an application protected by DNGuard
Forensics lessons
Looking for clues in network traffic
HTB Mentor
Extracting information from SNMP and pentesting the web service API
HTB Vessel
Exploiting a Vulnerability in a Kubernetes Cluster
HTB Extension
Pentest plugin for Gitea and escape from Docker
HTB Forgot
We poison Web Cache to get the site admin panel
Competition in privacy
Compare safe browsers in 2023
DIY cheat
See through walls and auto-aim for a 3D shooter
Credits
Who makes this magazine
SYNACKTIV WINS PWN2OWN
The Pwn2Own hacker competition ended at the CanSecWest conference. This year, specialists uncovered 27 unique 0-day vulnerabilities in total, compromising, among other things, Tesla Model 3, Windows 11, macOS and Ubuntu, and took $1,035,000 and the new Tesla Model 3 with them.
The undisputed leader of the competition was the French team Synacktiv, which this year included Eloi Benoist-Vanderbeken, David Berard, Vincent Dehors, Tanguy Dubroca, Thomas Bouzerar and Thomas Imbert.
The specialists have the following successful hacks and $250,000 in prizes: a chain of exploits involving a heap overflow and an OOB write, allowing them to get free root through the Tesla Model 3 infotainment system.
$100,000: a TOCTOU (time of check to time of use) attack on the Tesla Model 3.
$ 90,000 scum for three mistakes, hover and boost
eye
