Linux controls 97% of the server market. As such, any budding hacker ought to know the basic defenses of a modern Linux … [Read More...]
Featured Articles
Clickjacking: a hacker’s guide
Clickjacking helps hackers trick victims into doing things without meaning to. We're going to walk you through the … [Read More...]
Hacker imageboards: guide to underground chans
On imageboards (aka chans), users share text and images anonymously. Thus, their users call themselves "anons". Since … [Read More...]
Latest Blog Updates
How to get your first cybersecurity role
When trying to land your first cybersecurity role, you will quickly run into one of the greatest paradoxes of the software market. We can summarize the paradox within the following two statements. Cyber is one of the fastest growing markets in the world, for several years in a row. Yet landing a cybersecurity role, especially an entry-level one, is distinctly challenging. How do we resolve this seeming contradiction? Both statements are true - the reality is, the market is hard for new hackers because most companies prefer to hire experienced engineers with a proven track record. Fortunately, professional … [Read More...]
Doxxing for beginners: how attackers dismantle privacy
When we use the internet, we face all kinds of threats to our privacy. Typically, the people snooping on our data are social media apps and advertisers. Sometimes, though, targeted snooping occurs to violate the privacy of a specific person online in a malicious way. Doxxing is the nonconsensual acquisition and publication of private information obtained about someone. Sometimes it's a celebrity, or a controversial figure, or just plain old harassment. Often, attackers obtain the dox (personal information) via social engineering or phishing. However, the most typical medium is OSINT - open source … [Read More...]
Forward secrecy with Python
More people than ever are relying on systems like Signal and Urbit to provide seamless, reliable end-to-end encryption (e2ee). But e2ee relies on secret keys, usually stored on your device. What if an attacker pilfers your secret keys? Forward secrecy protects you in such a scenario. In this article, you'll learn how PFS works inside and out by implementing a full-stack notifications app with perfect forward secrecy in Python. Let's dive straight into some code! Encrypted notifications in Python Our app will implement a system for sending notifications to a remote device. Before we worry about any fancy … [Read More...]
Finding XSS in everyday apps
Finding XSS exploits in CTFs is fun, but nothing can match the exhilaration of discovering a vulnerability in a real, live app. To help you get a taste of that excitement, and maybe some advice for bug hunting that you may find useful, I'm going to open up an app I use every day and just see if I can find some interesting exploits. Probably my favorite web app is the Groups app on Urbit, a peer-to-peer chat app. It looks like this: And thanks to the fantastic community and very welcoming developer community, this app is a joy to hack without fear. We won't worry about the fancy p2p backend since that … [Read More...]
Hacking Jupyter notebooks with Shodan
Hacking Jupyter notebooks is easy and fun, thanks to the lack of any protections by default when you run a notebook. So much so, that notebooks often appear in CTFs as easy targets for beginners. Jupyter offers a web-based platform for coding in a bunch of languages. Python devs, especially data scientists, often rely on these notebooks for basic work tasks. Data scientists don't have to think too much about security, unlike systems programmers and web devs. But since Jupyter notebooks are web-based, the network can access them. That's where we come into the picture. You can find official docs that … [Read More...]