Hackercool Magazine August 2024

If you have been following recent Issues of our Hackercool Magazine, you should have seen me repeating one thing again and again. That “PowerShell is soon becoming (or has already become) the favorite scripting language of hackers around the world”. Its use in Infection Chains used by Black Hat Hackers around the world and lot of tools being forked into PowerShell is a testimony to this statement. In this month’s Red Team Hacking feature, we bring our readers the power of PowerShell in hacking. Let’s begin. What is PowerShell? PowerShell is a scripting language initially introduced in Windows by Microsoft that can also be used by automate tasks and managing configurations. It also has a command-line shell. Windows PowerShell was first released in November 2006 in Windows XP SP2, Windows…

In this month’s “Vulnerability For Beginners” feature, readers will learn about a vulnerability disclosed recently in Google chrome browser. Not that you don’t know but for article’s sake Google chrome is a browser which is used to view webpages and websites just like any other browser. Released in 2008, it is used by over 3.45 billion users at present and is available for Windows, MacOS, Linux etc. What is the vulnerability? Recently, a high-risk vulnerability tracked as CVE-2024-7965 has been detected affecting Chrome’s V8 JavaScript engine. A JavaScript engine takes our JavaScript and executes it. Its CVSS score is 8.8 and it is a severe threat to system’s confidentiality and integrity. The vulnerability is a heap corruption buffer overflow that can be exploited remotely. The vulnerability affects Chrome browser versions…

Hello, ethical hackers. In this month’s What’s New, you will learn about the latest release of Parrot Security OS. To the newbies, Parrot Security OS is a pen testing distro just like Kali Linux. Its latest release, Parrot Security OS 6.1 has been released in June 2024. This article explains what’s new in the latest release of Parrot Security OS. Latest features to be excited about What is a new release of a pen testing distro if it has nothing to do with pen testing tools. The latest release of Parrot Security updated many of its tools to their latest versions. Important among them are SQLmap. 1.8.7 (the latest version provides better SQL injection capabilities). Recently a new release of Wireshark has been released. In this release, Wireshark has also…

The second vulnerability our readers are going to learn about in this Issue is a vulnerability in Ivanti virtual Traffic Manager (vTM) that’s being tracked as CVE-2023-7593. A traffic manager in a network is a device or software that manages network and application traffic. The ultimate objective of traffic manager in a network us to improve overall network & application performance. Network load balancing in one of the most important features of traffic management. Ivanti makes one software solution called virtual Traffic Manager (vTM). What is the vulerability? The vulnerability in Ivanti vTM tracked as CVE-2024-7593 and with a CVSS score of 9.8 out of 1 0 is due to an incorrect implementation of an authentication algorithm in the Ivanti vTM. This vulnerability allows remote attackers to bypass authentication of…

In the world of the internet, clicks are currency. The more people click on a website, social media post or an advertisement, the more that content generates revenue. But cybercriminals can exploit this rapidly growing market for clicks through what are known as “click frauds”. And everyone, from everyday internet users to large organisations that use the web to share content or sell their products, is vulnerable. But what exactly are “click frauds”? And what can be done to prevent them? What is click fraud? Click fraud occurs when someone creates a network of bots or sets up “farms” of human workers to generate clicks online. It can take many forms. Fraudsters often use automated bots or click farms to generate fraudulent clicks on ads or likes on their own…

Recently, Boyan Milanov, a security researcher from TrailOfBits has developed a new hybrid machine learning (ML) model exploitation technique named Sleepy Pickle. This technique has once again brought focus on the security risks associated with the Pickle format. In this article, readers will get to know everything they have to learn about the Pickle format as an ethical hacker. What is a Pickle? Everyone knows Python is an object-oriented programming language. In python, almost everything is an object. The Pickle format, native to Python is used to serialize and deserialize a Python object structure. This brings us to next question. What is serialization? We have just now learnt that Python is a object oriented programming language. Sometimes (many times), a need arises to convert this object-oriented data into a byte…