In this post we will learn how to secure our VPN so that it doesn’t leak any traffic.
If you have ever used a VPN for geolocation specific sites or applications, you might have run into the issue where your VPN turns off and suddenly you are connecting to that application using your main connection which can lead to minor interruptions from that site or application or even becoming blocked.
A solid setup can be the differential preventing this from happening and that is what we will learn how to configure in this post using some basic Windows firewall rules.
In this video we will use AI to code a Python script that can help you in recovering your lost bitcoin wallet.
More precisely we will be using Google’s AI Studio to work out a little tool capable of assisting in bitcoin wallet recovery with the use of brute-forcing the original words that form your seed phrase.
The purpose for this article is to guide you on the use of this tool but also to show you how to approach using AI for creating simple tools to help you in your repetitive daily tasks. With AI being so widespread and easy to use right now it is a good idea to think of what tools you can create to automate certain tasks and save your precious time. But before we begin…
In this post we’ll take a look at how to setup Apache, MySQL and PHP on Windows and Linux. This setup is mainly for a series of SQL injection labs that I’ll be posting in the upcoming days (you’ll find the link for the HTML/PHP below). For this reason, it will be a development setup not a secure one. 😉
Creating MySQL user, database and grant privileges
Download HTML/PHP pages and configure it properly
Since I’ll be doing a series of SQL injection posts, I figured it would make sense to create this post given that understanding the installation process, database users/permissions all contribute to the vulnerability.
In this episode we’ll take a look at brute-forcing a VeraCrypt container using Hashcat.
For starters I want to say that I’m a huge VeraCrypt fan and use it all the time, for a long time. Long enough to remember when it was, originally, called TrueCrypt before the project was abandoned.
I caught myself thinking: how long would it actually take to brute-force specific password masks? That’s when I decided to put it to the test using Hashcat and an operating system equipped with a graphics card.
In this video we’ll take a look at how to do ARP spoofing attack using Scapy!
If you’re interested but have no idea what Scapy is and wondering why we aren’t using [enter tool name here] to do this, then I suggest checking out my previous post “Introduction to Scapy“. To sum it up, I guess we are interested in doing this in a raw way to learn as much possible from the protocols and how they work.
What is ARP Spoofing?
ARP spoofing is a technique used to put yourself in a man-in-the-middle position between a target and gateway. The address resolution protocol (ARP) uses broadcast and replies to translate an IPv4 address into a MAC address. Decades ago, hackers figured out it’s possible to spam the network with spoofed ARP replies pretending to be another client on the network; which leads to all the traffic for that client to be intercepted by the attacker.
If you’re unfamiliar with these protocols and terminologies, believe me, it’s not all that complicated. This is one of the things that become easier to understand once you see it taking place. I recommend setting up Wireshark first and perhaps just observe how ARP works in its natural form. You will see broadcasts asking “What is the MAC address for this IP?”, followed by replies from clients “Hey that’s me, here is my MAC address!”.
From that point on we can simply tell the router “Hey my MAC address is xx:xx” (where xx:xx is the target client’s MAC address) and do the same thing to the router making them think we are the target client.
Recent Comments