docker Corrupting the Source Docker Image In this post, we'll look at a few circumstances in which backdooring images could allow us to access a remote container.
windows Process Injection using CreateRemoteThread API CreateRemoteThread is the oldest method of process injection, and it is easily detectable. However, this establishes the foundations for process injection and code execution. This blog post will provide you with a thorough and practical explanation of how it works.
docker Interacting with Protected Docker Registry In this post, you will learn how to interact with the HTTP Basic Auth protected docker registry and cracking password with the hydra tool.
docker Hunting Secrets from Containers by Analysing Docker Images Docker images are used to create containers and contain some secrets that can be extremely useful when exploiting applications. In this post, you will learn how to search for such information in Docker images or Dockerfiles in order to gain unauthorised access.
docker Exploiting Insecure Docker Registry Assume you're in a situation where you can't use Docker. How would you use the remote registry to get image FS layers? This guide will walk you through using simply the curl command to interface with the Docker registry.
docker Hunting for Malicious Binaries and Backdoors in the Running Containers An attacker might exploit one of the container's service and install malicious apps or a backdoor to get access to your container later. In this post, you'll learn how to use the "docker diff" plugin to do forensics and incident response on a running docker container.
docker Analyzing Docker Image for Retrieving Secrets In this tour, you'll learn how to start a container from a checkpoint to restore its process and memory state, as well as how to utilise container-diff tool to analyze the exported docker images.
docker Creating your Own Base Image for Docker Have you ever wondered what it's like to create a docker base image that users can import and build on? This tutorial will show you how to make your own Docker base images from scratch in two different approaches.
docker Exploiting Micro Services Running in the Docker Containers Micro-services are the rage among young engineers these days, and everyone is adopting this method. Discover how to take advantage of these services to obtain access to the containers.
docker Getting your Hands Dirty with Multi Container Architecture Setup In the projects, many containers are employed to segregate the logic for ease of development and scaling. It also helps to reduce the impact on other components if one is compromised. In less than 10 minutes, you'll learn how to build such setup using docker-compose.
javascript security Authentication Best Practices in the Web Applications Javascript is used everywhere on the web and has gained a lot of interest among hackers. Get a detailed guide on best practices for making your authentication process more robust and secure than before.
windows Reading and Writing into Process's Memory Get the basic understanding on the remote process memory read and write all by windows 32 API and create your own game hacks.
linux Introduction to Linux for Developers Get an introductory knowledge of what Linux is and your best friend man page. You will also learn about the components that make GUI possible
windows Dump Information for Process using GetTokenInformation In this post, you will get a very thorough step-by-step walkthrough on building your own process token dumper in the c++ which will help you in knowing your target better before launching another post exploitation attack.
python Perform Basic Image Processing using Python3 and OpenCV Computer vision is a field of AI that enables machines to derive meaningful information from visual data like images and videos. In this post, you will get acquainted with the basics of image processing via the OpenCV library in python to change colour, resize an image etc
python Cracking Zip Password using Python 3 and Multithreading Learn the basics of a multithreading program using python 3 and how to crack a zip file password efficiently in a gamified manner.
python Cracking Zip Password using Python3 Get a thorough knowledge of python's zipfile module and build your own Zip file password cracking tool in less than 3 minutes
process-injection Understanding Address Spacing in Detail Address spacing is used in all the Operating Systems to manage the processes' memory. Virtual address spacing opened the door for more features like swapping and easy relocations of the instructions and data to prevent address tampering.
windows Windows Process Listing using NTQuerySystemInformation Get acquainted with the undocumented low-level yet powerful APIs from winternls and how to use the NtQuerySystemInformation function to get a list of all the processes running in the system
windows Windows Process Listing Using PSApi Get a detailed walkthrough on process listing via PSApi. You will also learn about its pros-n-cons and the new set of functions from the PS Api suite related to module enumeration.
windows Windows Process Listing using ToolHelp32 API Get a detailed walk-through on the code of process listing using ToolHelp32 API from scratch. You will also learn to enumerate the threads and modules for each process and will know about its advantages and challenges
windows Windows Process Listing Using WTS API – Part 2 In this post, you will learn how to gracefully enable SeDebugPrivilege and automatically launch the process using ShellExecuteExA with administrator privileges. This is in continuation to part 1 of windows process listing using wts api.
windows Windows Process Listing Using WTS API – Part 1 In this detailed walkthrough of process listing using WTS API, you will learn the importance of the process listing and enumeration of anti-malware agents and will get your hands dirty with the source code
apparmor Mitigating the Damage in the Compromised Webserver using AppArmor In this post, you will get a very (very) detailed tutorial on how to confine the resource for an nginx server and the php fpm service on a compromised server to allow specific commands via webshell
windows Loading DLLs using C++ in Windows This standalone tutorial will guide you through writing your own DLL library from scratch and loading it into C++ and calling the exported functions in a separate project.
