[ Certified Ethical Hacker v10 ] :: Using ngrok to Set a Trap From Inside NAT

This entry is part 29 of 29 in the series [ Certified Ethical Hacker Training ]

In a lot of hacking examples, the instructor demonstrates a tool like BeEF that requires you to have a website to host the trapping script (for instance, acookie stealer). They’ll often use a localhost address (127.0.0.1) and effectively set a trap for themselves (it’s a demo, after all), without showing you how to use the …

[ Pen Testing ] :: Step by Step :: Exploiting SETUID

This entry is part 1 of 1 in the series [ Penetration Testing ]

Setting the user ID on an executable means it runs under that user’s permissions, not the perms of the user that runs the executable. It’s highly useful in system admin, but it’s wildly dangerous too, because every SETUID file is a vector for hacking. John Hammond (on YouTube) give an excellent example in the context …

[ Hacker Night School ] :: Kali Linux Metapackages (All Tools or Subsets)

This entry is part 20 of 32 in the series [ Hacker Night School ]

There are actually four subsets of tools you can install with Kali, depending on your needs, disk resources and download speeds. These packages have names like kali-linux-full and kali-linux-all (those sound the same, don’t they?). Fortunately the good people at Offensive Security have a guide to the various metapackages. For instance: kali-linux is the barebones, …

[ Hacker Night School ] :: Adding the Kali Tools to Ubuntu

This entry is part 19 of 32 in the series [ Hacker Night School ]

Kali is cool as hell, but taking it to work could get you fired, or at some of the places I support, get me arrested. It’s not really intended to be a daily-driver OS, though the 2020 update has moved it a long way in that direction. The biggest problem with carrying Kali around is …

[ Hacker Night School ] :: Commando VM: a Windows Hacking “Distro”

This entry is part 21 of 32 in the series [ Hacker Night School ]

When you hack or pen test or play CTF, you use Kali or Parrot or some other Linux, right? Windows hasn’t been a preferred security testing platform, but that doesn’t mean people haven’t been thinking about it. Enter FireEye, and the “Commando VM: The First of Its Kind Windows Offensive Distribution”. Hmmm. So … going …

Finding and Using Browser-saved Passwords: Another video from Starry Sky

This entry is part 3 of 32 in the series [ Hacker Night School ]

Yeah, we all do it, right? We let our browser store our passwords for all those sites we visit every day. It’s easy, it’s convenient, and it’s really easy to hack. Starry shows us how to reveal these passwords, swipe them and use them in another browser. Plus: he demos what you can do about …

[ Hacker Night School ] :: Encoding and Decoding: Base64, ASCII, etc.

This entry is part 27 of 32 in the series [ Hacker Night School ]

Encoding and Decoding: It’s Not Encryption There’s a form of hiding data that isn’t exactly encryption; it’s just simple encoding into another format that most people won’t be able to read. FTP passwords, for example, are encoded in FileZilla using Base 64 format. Hexadecimal Encoding This simply involves taking 8-bit (one Byte) information and splitting …

Hacking to Live

Hackers are clever techies. The word “hacker” actually hasĀ nothing to do with crime: a brilliant engineer would hack out a smart solution to the problem at hand, and consider it a compliment to be called a hacker. There’s a whole culture built on this idea: seeĀ https://en.wikipedia.org/wiki/Hacker_culture. We are a community dedicated to learning and teaching. …