Hack The Box is an online platform allowing you to test your penetration testing skills and exchange ideas and methodologies with other members of similar interests. It contains several challenges that are constantly updated. Some of them simulate real-world scenarios and some lean more towards a CTF style of challenge.
Privilege escalation is the act of exploiting a bug, design flaw or configuration oversight in an operating system or software application to gain elevated access to resources that are normally protected from an application or user. The result is that an application with more privileges than intended by the application developer or system administrator can perform unauthorized actions.
A buffer overflow condition exists when a program attempts to put more data in a buffer than it can hold or when a program attempts to put data in a memory area past a buffer. In this case, a buffer is a sequential section of memory allocated to contain anything from a character string to an array of integers. Writing outside the bounds of a block of allocated memory can corrupt data, crash the program, or cause the execution of malicious code.
Return-oriented programming (ROP) is a computer security exploit technique that allows an attacker to execute code in the presence of security defenses such as executable space protection and code signing.
Bypassing NX happens when an attacker is able to circumvent NX (data execution prevention) or by some means is able to re-enable data execution.
An information leak occurs when by some means an attacker is able to read information from memory that should otherwise be private.
This section is for any write-up pertaining to research, as well as configuration or penetration testing write-ups.
A penetration test, colloquially known as a pen test, is an authorized simulated attack on a computer system, performed to evaluate the security of the system.
An RCE happens when an attacker is able to execute code, whether targeted or arbitrary, on a remote system.
A source code review is the process of reviewing source code to search for potential vulnerable functions as well as to gain an understanding of the overall architecture of the underlying program.
An assembly language, often abbreviated asm, is a low-level programming language for a computer, or other programmable device, in which there is a very strong correspondence between the language and the architecture's machine code instructions.
Meterpreter is an advanced, dynamically extensible payload that uses in-memory DLL injection stagers and is extended over the network at runtime. It communicates over the stager socket and provides a comprehensive client-side Ruby API. It features command history, tab completion, channels, and more.
msfvenom is a combination of Msfpayload and Msfencode; it streamlines the process of generating shellcode in various formats.
Steganography is the practice of concealing messages or information within other nonsecret text or data.
Shellcode is basically a list of carefully crafted instructions that can be executed once the code is injected into a running application. Stack and heap-based buffer overflows are the most popular way of doing so. The term shellcode literally refers to written code that starts a command shell.
SQL injection is a code injection technique, used to attack data-driven applications, in which nefarious SQL statements are inserted into an entry field for execution. SQL injection must exploit a security vulnerability in an application's software, for example, when user input is either incorrectly filtered
Capture the Flag is a game-type for practicing security concepts in an environment where successful exploitation leads to a proof in the form of a flag to be collected by the individual.
News from our blog's curators.
Enumeration is the process of identifying all services and content that are accessible on a server, whether hidden or in the open.
An exploit takes advantage of a bug or vulnerability to cause unintended or unanticipated behavior in a system or piece of software/hardware.
This section is for any walkthroughs pertaining to challenges or a CTF.
The process of writing custom code to build an exploit or chain of exploits to operate software/hardware in an unintended manner.
A repeatable process or plan of action that you craft individually.
A technique used to discover weird behavior. It involves inputting massive amounts of random data to test the subject in an attempt to make it crash.
Information security, sometimes shortened to InfoSec, is the practice of preventing unauthorized access or use.