Using a Flipper Zero, a short 12-line DuckyScript text file, and a remote listener on my Ubuntu server I was able to gain a shell on my fully patched, up-to-date Ventura macOS computer. In my lab environment, I use Flipper Zero as a pentesting device to test vulnerabilities in my

Why You Should Never Use an Unknown USB Device Cybersecurity professionals have done a pretty good job getting the word out about the dangers of using USB flash drives to the point where most users think twice before plugging that USB drive into their computer. Unfortunately, this message may be

Using an old USB drive, you can build your own malicious BadUSB using Windows shortcut files to link to malware. An LNK file shortcut provides quick and easy access to executable files without navigating the program’s full path. In this situation, the malware executable is in a hidden directory.

Computer systems get attacked daily.  Ransomware, malware, stolen credentials, video game makers’ source code gets leaked, and money drained from users’ accounts dominate our news feeds.  But how do hackers gain initial access to compromise a system?    Let’s take a look at how a breach could happen. Don’t

Virtualization and cloud computing has made setting up Linux servers easy and available for anyone.  At any one time, I manage up to 10 Linux servers between my home lab and cloud-based servers.  When I log into a system I need to quickly check system statistics including server name, IP

When we think of denial of service (DoS) attacks we tend to think of the massive, distributed denial of service (DDoS) attacks run by botmasters to target big corporations, networks, and high-profile E-commerce websites. Wi-Fi-enabled 802.11 security cameras come with a noticeable vulnerability. A single attacker can disable our

Search the Internet for the best Wi-Fi Adapter for Kali Linux and the Alpha Networks AWUS036ACH comes up in the Top 5 every time for its support of Monitor mode and packet injection. The problem is that it is not supported by Kali Linux out of the box. This is

In a traditional client-server environment, the user is the client and the machine that provides services is the server. The client creates a connection, to the server which is listening for connections through specified ports. A reverse shell reverses this setup because the client becomes the (new) server listening for

This is a relatively simple brute force method to connect to a Unix machine using SSH in our pentesting lab. The target machine for this exploit is a Raspberry Pi 3 running Kali Linux with SSH enabled. The Raspberry Pi’s software is up-to-date and no other changes were made

The goal of a cyber attack is to gain a foothold into the victim’s network. In the absence of a successful external attack on your servers, imagine that a malicious group can bypass your firewalls and fancy network scanners and get direct access to your network from the inside.

When I started writing this article, I didn’t realize how popular and well-documented this attack is in various places. The good news is that protecting yourself from this type of attack is also well-documented. These are my steps to exploit my WordPress site in my homelab. These instructions are

The Wifi Ducky or Wifi Duck is a small stealthy device that hackers can use as an entry point into your network. These pentest devices work exceptionally well because they violate the inherent trust computers have in allowing USB devices to be plugged in without authentication. This vulnerability allows hackers

What is a Ransomware Attack? Ransomware is a type of malware attack that encrypts a victim’s data and prevents access until a ransom payment is made. CryptoLocker, Colonial Pipeline, NotPetya, REvil, and Ryuk are all names associated with ransomware that have raised our awareness about the dangers of ransomware.