Hackercool Magazine November 2024

Security analysts at Infoblox encountered a domain while observing malicious traffic that appeared to be a lookalike of a very popular Slack hosting resource. This domain may belong to a phishing URL or a case of domain hijacking that happened due to credential theft. The domain they found was actually a lookalike of a high-value domain name. Re-searchers at Infoblox encounter cases like these regularly. Hence, they reported this domain hijacking case to both the domain register and DNS provider and moved on with their day-to-day work. Infoblox is an IT security company that focuses on managing and identifying devices connected to network. They are specialized in DNS security and DHCP security. While Other IT security companies try to reverse engineer a malware detected and try to find out what…

The team of BackBox Linux have announced the release of their latest version of the BackBox penetration testing operating system. The latest version is version 9 with a codename “Noble Numbat”. This has given us an opportunity to introduce this operating system for the first time to our readers in our magazine. Gone are the days when hackers (or ethical hackers) used to install all the hacking tools they needed on a single system. It has long been the era of penetration testing distros or operating systems built for pen testing and ethical hacking. But when you think of pen testing distros, only Kali Linux and Parrot Security OS come to your mind. In all this noise or rather encouraging shouts of Kali Linux and Parrot OS, don’t forget there…

A person was searching for team-building activities on internet. After a few minutes of searching, he found a link on Indeed job search platform and clicked on that link. Going to the website automatically downloaded a document. He then clicked on it to see what is inside that document. Little did he know that the file that got downloaded to his system was not a document but a malware known as SolarMaker imitating itself as a document. Not just that he also didn’t realize that he was directed to a malicious website that looked like website of Indeed job search platform but not. As weekend was approaching, Vijay was searching for a nice movie to download so that he can watch it on weekend. Vijay is not a subscriber to…

Researchers at ACROS security recently discovered a zero-day vulnerability in Windows Server 2012 OS of Microsoft. Windows Server 2012 launched in 2012 (obviously) like all other Server operating systems of Microsoft is used for Active Directory services and other domain related services. Mainstream support ended for this operating system in October 2018 and extended support ended on October 2023. At present, Microsoft is offering paid support for Windows server 2012 until 2026. Properties of a signed file Properties of a unsigned file like our meterpreter payload About the vulnerability The zero-day vulnerability whose details are not being revealed for fear of exploitation by threat actors got added to the Windows Server 2012 two years back. The vulnerability is present in Windows Mark of The Web (MoTW) feature. Mark of the…

In the AV Evasion feature of this month, you will learn about a tool that is currently being used by Black Hat Hackers around the world to evade Antivirus and Endpoint Detection and Response (EDR). The name of this tool is EDRSilencer. EDR Silencer is an open-source tool written in C language and available on GitHub. As the name of the tool implies, it silences EDRs from detecting malicious payloads or files. How does this tool do it? It does this by using Windows Filtering Platform (WFP) to block Endpoint detection and Response (EDR) agents from reporting security events to the server. This tool was inspired from another tool called FireBlock from md5sec’s Night task. Before you understand how this tool works, you need to understand some basics. Let’s start.…

Well, welcome to Hacking Active Directory-Rebirth again. In our previous Issue, you learnt about all the basics that are needed to understand about Active Directory hacking. As promised, in this Issue, we are back with a hacking attack that is very common in Windows Active Directory environment. The name of the attack is Pass-the-Hash attack. No matter what attack real-world hackers perform in Active directory environment their end goal is to take control of the domain controller system. As you read in our previous Issues, Domain Controller is the most important part of Active Directory. Before we go into the detailed explanation of Pass-the-Hash attack, let me explain you about the environment or Hacking lab we are using for this article. Let’s explain about each system in the lab now.…