Steganography: Hidden Payload

An educational guide to steganography and in-memory payload execution. Please don’t try this on unauthorized systems. Introduction: Steganography, the art of hiding information in plain sight, has evolved from ancient techniques of invisible ink to modern digital methods. In this technical exploration, we’ll dissect a Python-based steganography implementation that embeds encrypted payloads within PNG images and…

The Gen 7 SonicWall Firewall Crisis: Zero-Day

Executive Summary: A critical security crisis is unfolding for organizations using Gen 7 SonicWall firewalls with SSL VPN enabled. Since mid-July 2025, attackers have exploited a suspected zero-day vulnerability (or a dangerously misunderstood known flaw) to bypass multi-factor authentication (MFA), compromise networks in under two hours, and deploy Akira ransomware. With over 28 confirmed breaches…

Sock Puppets – Creating Fake Identities for In-Depth Recon

What is this: Sock puppets are fake online accounts used to interact with targets for gathering data and intelligence without revealing the investigator’s real identity. Their primary focus is on infiltrating closed communities, including forums or private groups, discovering vulnerabilities, conducting social engineering, and avoiding triggering alerts while performing an investigation. Before creating a puppet, an…

WordPress Backdoor: Unmasking the “Etomidetka” Threat

Introduction: The Stealthy Web Intruder Recently discovered a sophisticated WordPress backdoor script designed to establish persistent, hidden access. Codenamed “Etomidetka” after its creator username, this PHP malware exemplifies how threat actors exploit legitimate platform functions for nefarious purposes. Unlike noisy ransomware or destructive wipers, this threat prioritizes stealth and long-term access—making it particularly dangerous for…

Katana: Advanced Web Crawler

The Evolution of Web Crawling: Modern web applications have transformed into complex ecosystems dominated by JavaScript frameworks, dynamic content, and API-driven architectures. Traditional crawlers fail to render these applications effectively, creating critical blind spots in reconnaissance. Enter Katana – ProjectDiscovery’s next-generation crawling framework engineered to conquer modern web complexities. Why Katana Revolutionizes Reconnaissance Advanced Installation &…

The Shadow Over SharePoint – CVE-2025-53770

Introduction: The Silent Siege In July 2025, a storm engulfed on-premises Microsoft SharePoint environments worldwide. CVE-2025-53770—a critical unauthenticated remote code execution (RCE) vulnerability—has been actively exploited by advanced threat actors, compromising government agencies, energy firms, and universities. This flaw isn’t just another entry in the CVE catalog; it’s a potent weapon enabling total server takeover. Here’s what…

Recon – The Information Gathering Phase

What it is: Think of “recon” like scouting or doing homework. It’s the phase where someone (an attacker or a defender) quietly gathers information about a target (like a company, website, or network) before taking any direct action. Analogy: Imagine thieves planning to rob a bank. They wouldn’t just rush in! First, they’d: ✅ Watch the bank’s opening/closing times. ✅ Note security guards and cameras. ✅ Look…

Bizness Writeup HTB

Adding IP and domain to ‘hosts’ file. Nmap scan: From the above results, you can see the open ports are 22, 443, 80. Now, open the website “https://bizness.htb/”. After moving around, couldn’t find much useful. Dirb Scan: I’m using the common dictionary here, which is set by default. Otherwise, you can use any dictionary you want. Here is collection of…

Linux Root Filesystem

The Linux Filesystem ‘/’ – The Root Directory: The root directory on a Linux system is represented by the ‘/’ character; everything on a Linux system is located under this directory. It is similar to the ‘C:\’ directory on Windows, but it does not have drive letters; instead, other partitions would appear in another folder under ‘/’…

Basic Shell to Fully Functional Shell

In the course of Penetration Testing or Ethical Hacking, gaining initial system access often involves acquiring a basic shell. To enhance your capabilities, it may be necessary to elevate this basic shell to a fully interactive one. This upgrade facilitates a more comfortable and functional command-line interface, enabling improved command execution and system exploration. The…
