/r/blackhat
Focused on the ongoing discussion and documentation of vulnerabilities and exploitation techniques. Please read the rules before posting here.
We seek to discuss vulnerability and exploitation theory and [evading] the countermeasures used to deter exploitation. This is also a place to discuss general blackhat rules, etiquette and culture. We welcome:
Writeups (not CTF or HTB)/talks detailing new vulnerabilities or techniques (there should be enough information to reproduce the exploit/technique)
Proof of concepts of old vulnerabilities or techniques
Projects
Hypothetical questions
Rules:
Be excellent to each other.
No Solicitation
Stay on topic.
Avoid self-incriminating posts.
Pick a good title.
Do not post non-technical articles.
Ideally, the content should be original, we don't care about your crappy ARP poisoner or Kaspersky's latest scam.
No pay / signup walls.
No coin miners
No "Please hack X" posts
Well thought out and researched questions / answers only.
If your project is not free / open source it does not belong.
Please limit your posts (we don't want to read your blog three times a week).
If you want to submit a video, no one wants to listen to your cyberpunk music while you copy/paste commands into kali terminals.
The mods are ban-happy, you have been warned.
I have a YouTube channel and I am 100% sure it is being botted, and unfortunately YouTube is beyond useless when it comes to helping out whatsoever, obviously, so I'm trying to do this myself. My channel does pretty well monthly, but some videos I post get this random spike of like 10,000 views in an hour, and it's all from third world countries (India, Vietnam, Egypt) with an average view duration of like 9 seconds. Keep in mind my audience is mostly from the US/UK/Canada and watches at least 5 minutes of every video. It is automatically killing the videos I post.
I can see where the external traffic is from, the sites, but they don't exist; I'm fairly sure they're just domains for proxies. How can I uncover this? I have family to take care of, so it's actually going to destroy my livelihood at this rate.
How long would it take to crack all tree nodes by an adversary like a government?
Long story short, my privacy has been breached, probably through WiFi, and now all my internet devices and home and personal appliances and applications are tapped. I'm not technically smart when it comes to networking, but changing my WiFi isn't helping; idk if throwing my phone away and creating new online identities will help. What are some basic and intermediate things I can do to help block what is going on?
Any recommendations for tutorials? I got the wordlists, just can't seem to get the commands right.
In case you don't know, what is Netflow?
Netflow is a network traffic monitoring and analysis technology developed by Cisco Systems. It provides detailed information about the network traffic flowing through a router or switch.
Specifically, Netflow collects the following data about network traffic:
This information allows network administrators to understand the types of applications and network services being used, the amount of bandwidth being consumed, and potential security or performance issues on the network.
Netflow data is typically exported from the network device (like your ISP's modem) to a Netflow collector, which can then be analyzed using specialized software. The collector aggregates the Netflow data and provides reporting and analytics features to give the network administrator visibility into the network traffic.
In the case of your ISP's modem, they likely use the Netflow data to monitor the network traffic of their customers in order to provision bandwidth, detect anomalies, and potentially enforce acceptable use policies. The level of detail and how the ISP uses the Netflow data can vary depending on their specific practices.
Isn't it true that ISPs will sell the Netflow data?
Why yes, yes it is. There are some concerns that ISPs may sell or use customer Netflow data in ways that violate privacy or raise ethical concerns:
Data Monetization: Some ISPs have been known to sell Netflow data or other customer usage data to third parties for targeted advertising or marketing purposes, without the explicit consent of customers.
Law Enforcement Sharing: ISPs may provide Netflow data to law enforcement agencies in response to subpoenas or other legal requests, allowing for increased surveillance of user activity.
Lack of Transparency: Many ISPs do not clearly disclose how they collect, store, and potentially share or monetize customer Netflow and network usage data.
Privacy Risks: Detailed Netflow data can reveal sensitive information about users' online activities, browsing habits, application usage, and communication patterns, which could be misused if not properly protected.
While Netflow data can serve legitimate network management purposes for ISPs, there are valid concerns that some providers may exploit this data for commercial gain or law enforcement cooperation in ways that compromise user privacy and civil liberties.
Ultimately, the extent to which an ISP may sell or share Netflow data can vary widely based on their specific data collection and usage policies. Customers may want to research their ISP's practices and consider privacy-focused alternatives if they have concerns about how their network data is being utilized.
We discussed Splunk configuration files, namely props.conf, transforms.conf, fields.conf, inputs.conf and indexes.conf, and mentioned the purpose and goal of each one of them. Splunk configuration files are used to configure log parsing rules and field extraction and to set log storage and retention rules. Use these config files when Splunk doesn't extract the fields properly from the provided log file or when you have a unique format for your logs. For demonstration purposes, we solved the TryHackMe Fixit challenge, which lets us practically test our knowledge in configuring log parsing rules with Splunk.
So if you had to use your own home internet and computers or laptops, how would you set up your network, VMs, etc.? Share what you would do to keep yourself anonymous and from being caught out.
To each problem you must take that STEP back. When a black cat is on a black sheet it is impossible to locate with your eyes. Context is important above all. Doing things and getting feedback is your bread and butter. There is no one way to hack. All are unique and all are the same. With this you must walk in the art of just hacking it. I have been hacking for 30+ years. Building a habitual repertoire of heuristics is the real key. The rest is fluff. You know what you need to learn as you try to solve the pieces of the puzzle that matter to you. Like when you actually build a tabletop puzzle. You look, grab a piece, and TRY it. Failure is necessary. You are the algorithm. Just keep trying until you get it. All the other technical knowledge is developed as you need it and use it. Of course this is for the autodidact. A formal education can also help, but you have to see the formalism for what it really is: a framework. You have to find the binary in you. #allerrorsmatter
Just because it is a short piece doesn't mean it is not deep. You must get lost doing and emerge knowing you were always a hacker.
Technical Advice for Newbies:
Install and Learn *nix
Customize and Brick your OS
Read everything on Lisp and Eric S Raymond
Read everything under the Sun that interests you
Play in the sand and water alone and with other lifeforms
Re-learn the basics often and always remain a newbie
And
https://the-simulation-strategists.beehiiv.com/p/problem-solving
1. Learn a Programming Language
2. Understanding Networks and Protocols
3. Penetration Testing (Pen Testing)
4. Ethical and Legal Considerations
5. Continuous Learning and Practice
Conclusion
Becoming a hacker requires a combination of technical knowledge, ethical consideration, and continuous learning. Start with mastering a programming language, delve into the intricacies of network protocols, and practice penetration testing. Always stay informed about the ethical and legal aspects of hacking. With dedication and the right resources, you can develop the skills to become proficient in identifying and addressing vulnerabilities in technology.
So remind me, how dangerous is it for a company to have their PHP login still named something so close to default that it's easy to find just from redirect issues on the public-facing website?
🚀 Exciting News! 🚀 The wait is over! BrowserBruter is now public and available for download, the world's first advanced browser-based automated web application penetration testing tool!
After being in development for over a year, it is now officially released!
👉 Proof Of Concept - https://net-square.com/browserbruter/WhyWeNeedBrowserBruter/
👉 Live Demonstration - https://youtube.com/playlist?list=PL1qH_bg_l1aMNDpCYSMXg83o-56vLdPS7&si=LtQxvbLDKWhiCsEC
📖 Explore the documentation: https://net-square.com/browserbruter/
📥 Download now: https://github.com/netsquare/BrowserBruter/releases/tag/v2024.4-BrowserBruter
📈 BrowserBruter revolutionizes web application security testing by attacking web applications through controlled browsers, injecting malicious payloads into input fields. It automates the process of sending payloads to web application input fields in the browser and sending them to the server.
Highlighted Features:
📗 After fuzzing, BrowserBruter generates a comprehensive report that includes all the data and results of the penetration test, along with HTTP traffic. This report can be viewed using The Report Explorer tool, which comes bundled with BrowserBruter.
Handcrafted in India 🇮🇳
Behind the Scenes: The Backstory of BrowserBruter
🥷 As a penetration tester working on web application security VAPT projects, I faced a common challenge: the encryption of HTTP traffic was hindering my ability to fuzz input fields using traditional tools.
⚙️ Available tools like BurpSuite, SQLMap, etc. operate by modifying HTTP requests and responses. However, when encryption is implemented (not SSL; when the HTTP request body's data is encrypted), the HTTP traffic becomes opaque to these tools, making it impossible to inject payloads into the web application's input fields.
💡 This limitation sparked an innovative idea: what if we could bypass the encryption and fuzz the web application at the browser layer instead of the HTTP layer? This approach would allow us to interact with the web application as if we were a user, bypassing the need to break the encryption of HTTP traffic.
The result? BrowserBruter, the world's first advanced browser-based automated web application penetration testing tool! By controlling browsers and injecting payloads into input fields, BrowserBruter bypasses encryption and automates the process of sending payloads to web application input fields in the browser.
This project is licensed under the GNU General Public License v3.0
I'm working on a decentralized chat app where it handles all the important cryptographic functions in browser-based JavaScript.
The implementation can be seen here: https://github.com/positive-intentions/.github/blob/main/cryptography/Cryptography.js
I previously received feedback that my app being closed source made it difficult to trust. I am now open sourcing it, as seen here: https://github.com/positive-intentions/chat
I think the approach to security in this app is unique and I would like to know which vulnerabilities I haven't considered.
Looking forward to hearing your thoughts!
Hello hackers! Today, we're sharing some groundbreaking news about the powerful techniques of Google Hacking or Google Dorking.
Google Dorking is a method used by hackers to leverage Google's search operators to find specific information and vulnerabilities on websites. It's like using Google as a search engine for hacking purposes.
Hackers use Google Dorking because it allows them to uncover hidden directories, sensitive files, login pages with default credentials, and other vulnerabilities that can be exploited for unauthorized access. This makes Google Dorking a potent tool in the hands of skilled hackers.
I've found an article that introduces Advanced Google Dorking techniques to find passwords of databases, showcasing the depth of this method's capabilities. You can check that article here: HackproofHacks.com
If you want to see the video tutorial, check this out: YouTube
Recent developments by hackers have showcased how Google Dorking can uncover hidden vulnerabilities and access sensitive information, emphasizing the critical need for robust cybersecurity measures in our digital era.
We covered an introduction to logging, where we discussed the logic of creating logs and why we create logs. Logs are created and generated to track performance, analyze security incidents and establish a pattern from which future events can be predicted. Logs can be system logs, application logs, security logs, audit logs, server logs and database logs. The process of log management starts with collecting logs, storing them in a central location, parsing the logs and then analyzing them using log analysis tools and a SIEM as well. This was part of the TryHackMe Intro to Logs walkthrough, which is part of the TryHackMe SOC Level 2 Track.
The .to domain from Tonga used to be the hardest ccTLD to take down. I read somewhere that since the Tonic registry has a registered office in the USA, it's not as bulletproof as before.
Which are the toughest ccTLDs currently available?
Sorry if this is not the place for me to ask this; I'm a pretty busy student and I'm just pretty pissed. If you know a better place to ask this, please let me know. So the situation is that a group of people at my school are continuously doing their best to shut down the WiFi, or make it unstable enough to the point where it is unusable. This has prevented me and many of my classmates from working on our assignments, since most are online. At least half the school knows which group of people are doing it, including the teachers and our school's "tech guy". Regardless, the school has done nothing about it for several weeks now.
Now to the point:
I don't exactly care about how they are doing it, I want to know what can be done about it. Can I do ANYTHING except pay money for more cellular data?
I'm not the most knowledgeable person about this topic, but this is the little I know/have heard about the school's network and the methods those students are using.
This is my final year at this school and there are many important exams and assignments coming up, all of which are held online and I don't want this to be able to have any effect on my final grades.
Again, sorry if this is the wrong place to ask. If you know a better place to ask this let me know, or if I should just give up all hope of this stopping.
Update: I've been back in school for almost two weeks now and there have not been any more problems regarding this. I've heard some other students talked some sense into the guys who were doing it (really talked, no fighting). For those of you who are curious about which method they used, I'm not sure, since I had no way to check, but someone mentioned they used some program (not sure if I can say the name here) which looks really simple and has features to list all connected devices on a network and individually "turn it on or off" for them, or just "disconnect/reconnect all". The creator of this program had a video on it where he said it was ARP. Thanks for the responses, even if I didn't end up needing any; I learnt a lot.
We covered the solution walkthrough of levels 13, 15 and 19 of the Nebula exploit exercises, which let you practice your Linux privilege escalation skills. This includes exploiting binaries with the SUID bit set, cron jobs, environment variables, misconfigured file permissions, vulnerable Python modules such as the pickle module, path expansion, shared libraries and coding errors.
As an electrical engineer, I asked the Flipper community a while back what hardware add-ons they would like to see developed. The top reply was "evil portal that supports WiFi passthrough" meaning the user is connected to the internet after the portal attack.
This got me thinking: the ESP32 is a powerful but simple, bare-metal microcontroller. They're awesome but limited in ways.
If you put a powerful Linux microprocessor on top of the Flipper and connect two WiFi radios, you'll end up with a very sophisticated device.
So that's what I'm working on, and I made an update video here: https://youtu.be/RVjA3HURUa8?si=hbplsUVfqiI7IYF2
AMA, and thanks for the support and project idea!
I understand there's no one-and-done correct path for learning, but for the more experienced people: if you had to suggest a path for beginners, where would you point them?