WannaCry Ransomware Analysis and what we know

What is “WannaCry” Ransomware? “WannaCry” spread to hundreds of thousands of Windows machines in 150 different countries. This type of malware is known as ransomware, a piece of malware that encrypts certain files (with specific file extensions) then asks for some currency in return of your files back (in this case it was BTC a …

Cambridge University and their glaring vulnerabilities they refuse to patch.

About a month ago I decided to audit Cambridge University. I was hoping to find some webapp vulnerabilities which I could then report to get a bounty of some kind. I did a very basic audit, tested for Cross Site Scripting (XSS), Local File Inclusion (LFI)  and some other vulnerabilities such as SQL Injection (SQLi).  What I discovered for such a reputable University …

Beginners Guide To Reverse Engineering

So you want to learn to reverse engineer and don’t really know where to start, well in this post I will doing a basic write-up on how to get started as a beginner. Some useful resources: https://www.nayuki.io/page/a-fundamental-introduction-to-x86-assembly-programming https://beginners.re/RE4B-EN.pdf https://en.wikipedia.org/wiki/X86_instruction_listings https://tuts4you.com/ https://www.tutorialspoint.com/cplusplus/cpp_basic_syntax.htm http://www.studytonight.com/cpp/basics-of-cpp.php http://www.tutorialspoint.com/ansi_c/c_introduction.htm https://github.com/0xtyh/awesome-reversing I have included links for x86 Assembly & C/C++ as this is …

Using DNS Rebinding To Hack Routers

What you need Webserver Register a nameserver on a domain Rebind (apt-get install rebind or click here) So what is DNS Rebinding? DNS rebinding occurs when a web server provides an IP that is different than its own, mainly for malicious reasons.The attack vector is providing the IP of the client in order to perform Cross …

Pentesting Methodologies

Information Gathering This stage occurs before you gain access to a network. The goal is to gather as much information as possible about the business/company and their websites, personnel, and anything else relating to the company which will help you along the way. People often use insecure passwords such as names of their children, year …