Technical Writing Blog

How to Get a Reverse Shell on macOS Using A Flipper Zero as a BadUSB

Using a Flipper Zero, a short 12-line DuckyScript text file, and a remote listener on my Ubuntu server I was able to gain a shell on my fully patched, up-to-date Ventura macOS computer. In my lab environment, I use Flipper Zero as a pentesting device to test vulnerabilities in my

Your USB Gadget Could Be Weaponized

Why You Should Never Use an Unknown USB Device Cybersecurity professionals have done a pretty good job getting the word out about the dangers of using USB flash drives to the point where most users think twice before plugging that USB drive into their computer. Unfortunately, this message may be

How to Make a Malicious USB Device and Have Some Harmless Fun

Using an old USB drive, you can build your own malicious BadUSB using Windows shortcut files to link to malware. An LNK file shortcut provides quick and easy access to executable files without navigating the program’s full path. In this situation, the malware executable is in a hidden directory.

Exploiting the proftpd Linux Server

Computer systems get attacked daily. Ransomware, malware, stolen credentials, video game makers’ source code gets leaked, and money drained from users’ accounts dominate our news feeds. But how do hackers gain initial access to compromise a system? Let’s take a look at how a breach could happen. Don’t

Linux Shell Programming for Beginners

Virtualization and cloud computing has made setting up Linux servers easy and available for anyone. At any one time, I manage up to 10 Linux servers between my home lab and cloud-based servers. When I log into a system I need to quickly check system statistics including server name, IP

Your Wi-Fi Cameras may be getting Attacked

When we think of denial of service (DoS) attacks we tend to think of the massive, distributed denial of service (DDoS) attacks run by botmasters to target big corporations, networks, and high-profile E-commerce websites. Wi-Fi-enabled 802.11 security cameras come with a noticeable vulnerability. A single attacker can disable our

Configuring the Alpha AWUS036ACH Wi-Fi Adapter on Kali Linux

Search the Internet for the best Wi-Fi Adapter for Kali Linux and the Alpha Networks AWUS036ACH comes up in the Top 5 every time for its support of Monitor mode and packet injection. The problem is that it is not supported by Kali Linux out of the box. This is

How a Reverse Shell Works Exploit Works

In a traditional client-server environment, the user is the client and the machine that provides services is the server. The client creates a connection, to the server which is listening for connections through specified ports. A reverse shell reverses this setup because the client becomes the (new) server listening for

Using Metasploit to Attack Default SSH Username/Passwords

This is a relatively simple brute force method to connect to a Unix machine using SSH in our pentesting lab. The target machine for this exploit is a Raspberry Pi 3 running Kali Linux with SSH enabled. The Raspberry Pi’s software is up-to-date and no other changes were made

Rogue Raspberry Pi Exploit

The goal of a cyber attack is to gain a foothold into the victim’s network. In the absence of a successful external attack on your servers, imagine that a malicious group can bypass your firewalls and fancy network scanners and get direct access to your network from the inside.

How Malicious Actors Attack WordPress

When I started writing this article, I didn’t realize how popular and well-documented this attack is in various places. The good news is that protecting yourself from this type of attack is also well-documented. These are my steps to exploit my WordPress site in my homelab. These instructions are

How Wi-Fi is Vulnerable with a Wifi Duck

The Wifi Ducky or Wifi Duck is a small stealthy device that hackers can use as an entry point into your network. These pentest devices work exceptionally well because they violate the inherent trust computers have in allowing USB devices to be plugged in without authentication. This vulnerability allows hackers

Understanding Weaponized USB Devices

What is a Ransomware Attack? Ransomware is a type of malware attack that encrypts a victim’s data and prevents access until a ransom payment is made. CryptoLocker, Colonial Pipeline, NotPetya, REvil, and Ryuk are all names associated with ransomware that have raised our awareness about the dangers of ransomware.

How Mom Got Hacked

I never realized how easy it was to get a username and password to an email account until my mother was hacked. Listening to her explain what happened I realized that the attack was simple enough… she logged into to her google account through an email asking her to confirm