Hackercool Magazine October 2022

Windows AV Enumeration Module TARGET: Windows 4 MODULE : POST TYPE: Local ANTI-MALWARE : OFF As you already understood by reading the name of the module, this exploit module will enumerate all installed Antivirus applications on the target Windows OS. For this module to work, we need to already have a meterpreter session on the target as shown. Let’s see how this module works. Background the current meterpreter session and load the post/windows/gather/enum_av_excluded POST module. Set the session ID of the meterpreter session and execute the module. As you can already see, the module correctly detected the AV product installed on the target system. It is Windows Defender. Windows Gather Bookmarks Module TARGET: Google, chrome, Opera, Microsoft Edge TYPE: Local MODULE : POST ANTI-MALWARE : OFF This module retrieves the…

Medicare card numbers are the latest personal details to be exposed as part of the Optus data breach. Optus has confirmed this affects 14,900 valid Medicare numbers that have not expired, and a further 22,000 expired card numbers. But this isn’t the first time Australians’ Medicare numbers have been exposed. And some privacy and cybersecurity experts have long been concerned about the security of our health data. Here’s what you can do if you’re concerned about the latest Medicare breach, and what needs to happen next. What’s the big deal? Your Medicare number gives you access to subsidised services across Australia’s health system. Most Australians have a number, whether or not they use these services. Your Medicare card (as a plastic card or digitally, on your phone) is an official…

In recent times, hacking attacks that use PDF files as initial attack vector have increased dramatically. In this Issue, we decided to bring four such hacking techniques that have been used recently. 1. A Shortcut File masquerading as a PDF File A few days back, a covert hacking campaign targeted multiple military and weapons contractor companies with a spear phishing email that contained a zip archive as attachment. The campaign was dubbed STEEP#MAVERICK by cyber security company Securonix. The zip archive contained a PDF document named "Company & Benefits". in reality, this PDF document was a shortcut file (LNK) which when clicked upon downloaded many stagers and eventually a payload to infect the target system. Let's recreate this hacking technique. Although the actual payload used in this hacking campaign was…

In our previous Issue, readers were introduced to Mark Of The Web (MOTW) in the article Bypassing Antivirus. Many readers may get doubts as to what is Mark Of The Web. In this Issue, we want to give our readers a detailed understanding of what exactly is Mark Of The Web (MOTW). Like always, we will do this practically first and then delve into theory part. We are logged into one of the target systems of Hackercool Cybersecurity which is a Windows 10 1809 machine. In the Downloads folder of this machine, we can see various payloads used previously for our hacking tutorials. I right click on the "met_x64_153_4444" payload and click on properties.…

Check whether your email is a part of any data breach https://haveibeenpwned.com At the bottom of the opened tab, readers can see there is a message which is highlighted for you. The message prompt is saying that this particular for came from another computer and may be blocked. Simply put, the message says this particular file is malicious. If you remember, we have once downloaded "mimikatz.exe" binary for one of our tutorials. Viewing the properties of this file too displays the same message. When we first installed this operating system, we downloaded Firefox browser setup application. Let's view the properties of this file. This file doesn't have any warning. This file doesn't have the Mark Of The Web. What Is Mark Of The Web? Mark Of The Web is a security…

In this month's issue of Hackercool magazine, our readers will learn about a python based crypter that can help to bypass AV/EDR products. A Crypter is a software that can encrypt, obfuscate and use any other methods to make the malware harder to detect by Anti- Malware products. Pycrpyt (download information given in our Downloads section) is a crypter that can encrypt any python script you give it to make it harder for AV/EDR to detect. This encrypted python script can then be converted to EXE using pyinstaller. Let's see how to install pycrypt in Kali. OpenLiteSpeed, the sixth most popular web server, accounting for 1.9 million unique servers across the world has been found vulnerable to several high-severity flaws which can be chained to achieve remote code execution (RCE).…