Crypting EXE Tutorial : Hide RAT/Keylogger for Penetration Testing It is possible to hide your RAT/keylogger stub without a crypter! As penetration testers we need sometimes to hide the PE payload from the Anti Virus (AV) Engines . For this we end up either using the paid Crypters that basically Encrypt the payloads or finding a technique that can make the malicious executable Fully Undetected . This means evading the Anti Virus is either Time Consuming or we end up spending money. And the worst part is that this Fully Undetected EXE will only evade AV only for sometime as sooner or latter the engine will be … [Read More...]
Featured Articles
Editorial Picks
Latest Blog Updates
Penetration testing of Credential Data over Encrypted Channel
Penetration testing of Credential Data over Encrypted Channel - As part of user’s authentication penetration testing, it is must to pen test how credential data (sensitive data) is transported over an encrypted channel to avoid being intercepted by some malicious hackers via Men-in-Middle type attacks. As we all know, just using https connection doesn’t mean that data transmission is completely safe. The security also depends of other parameters like encryption algorithm used and robustness of keys (public & private keys) used within. If we are concerned about credential data penetration testing or … [Read More...]
SQL Injection Union Based Exploitation : Part 2 The Injection
SQL Injection Union Based Exploitation : Part 2 The Injection This is the second part of the Union Based SQL injection Tutorial for web application penetration testing . If you have missed the first part of the Tutorial , I would suggest you to visit the this Link . The previous part ended with finding the number of Columns in the database . In this part we will actually exploit the Web Application and inject the SQL queries . Here are a few standard SQL functions/queries which will help you in web application penetration testing with the injection . You can consider this a a mini Cheat sheet . If you can … [Read More...]
SQL Injection Union Based Exploitation : Part 1
SQL Injection Union Based Exploitation : Part 1 We have posted a lot on SQL injection . There are various techniques and ways of exploiting the SQL injection loopholes in the Web Application . Many of us exploit SQL Injection holes without knowing what is actually happening on the backend. It might be possible to penetration test a few easy sites by following tutorials exactly as they are. But to actually master the art of SQL Injection, you need to know what is happening and how to alter the way it works. I truly believe that knowing how something works and how to alter the way it works is what differentiates a … [Read More...]
Creating Malicious Word Macros Tutorial : AutoRun Stub via Word Document
Creating Malicious Word Macros Tutorial : AutoRun Stub via Word Document Free Give Away Penetration testers often need to use social engineering attacks . What is more better than creating a Microsoft Office Word document that contains the payload and exploit in form of a Macro . That is easy ... might be common now .... What if the Word Macro would Auto start and execute the payload instantly ? This pen testing tutorial explains exactly how to do that . We will start by creating a Word Macro . Creating Malicious Word Macros Tutorial Step 1: Create a payload. Macros use VBS for macros, so it's not hard to make … [Read More...]