The question that might come naturally after reading this title is: Why should you know how to code a shellcode runner for your malware analysis? Malware analysis is a dark art. Every time you conduct a routine analysis, you get a surprise. Often, you need to extract hidden shellcodes and analyze them separately. While analyzing it, we...
In this article I want to introduce you to command injection with a very simple practical example. I also suggest you read the code of the target application in order to better understand, but now let's get to the gist! Command injection is a code injection technique that exploits a security flaw in a software application....
This article is an introduction to what the Cyber Kill Chain is and how it works. If you follow a cybersecurity podcast, newsletter, etc., you may have heard of it, but do you know exactly what it is? Knowing what it is is mandatory for anyone wishing to approach any field of cybersecurity. So let's start with a...
What is SQL injection? SQL injection (SQLi) is an attack on a web application (among the best known, along with XSS) that exploits a security vulnerability in the target software; in particular, it allows the attacker to perform operations on the vulnerable database. On the basis of past experiences, this kind of attack can be...
Are you familiar with malware analysis? It's an essential aspect of cybersecurity that deserves a closer look. In this article, we'll provide a concise yet comprehensive overview of malware analysis and walk you through the key steps involved in the process. Malware analysis is the systematic process of dissecting, understanding, and evaluating the functionality, origins,...
Just as a quick refresh: Cross-site scripting (XSS) is a type of computer security vulnerability typically found in Web applications. XSS enables attackers to inject client-side scripts into Web pages viewed by other users. An attacker can use a cross-site scripting vulnerability to bypass access controls such as the same-origin policy. For more details, before...
When we approach the analysis of malware, understanding the inner workings of malware is crucial. The static analysis serves as our initial reconnaissance, allowing us to dissect and understand a file's potential threats without executing it. While tools like the UNIX strings command have long been staples in this domain, they sometimes lack the flexibility...
In the field of cybersecurity, automation is not just a convenience; it's a necessity. Whether you're dealing with a handful or a plethora of files, manually scanning each one is neither efficient nor practical. This article aims to guide you through the process of automating file scans by calculating their hash values and leveraging the...
Welcome to our new write-up! Our focus today is on 'DVWA SQL Injection Medium Burp.' As we delve deeper into DVWA's medium security setting, Burp Suite becomes our trusted guide, revealing the intricacies of SQL injection challenges. Before starting you need to configure your lab, and if you don't know how to do it, here...
In our previous tutorials, we meticulously dissected the art of executing SQL injections manually, ensuring a robust understanding of its intricate mechanics. Now, with that foundational knowledge firmly in place, it's time to transition to a scenario that mirrors real-world cybersecurity practices. Tools become our primary allies in most professional settings, streamlining and enhancing our...
Welcome to another enlightening guide! Over the past months, I've delved deep into various CTF writeups, always emphasizing the importance of a streamlined cybersecurity lab setup. While many of you have successfully navigated through the Kali Linux installation using our detailed guide, I've noticed a recurring query: How do we kickstart our journey with TryHackMe?...
Diving into the realm of Capture The Flag (CTF) challenges? PicoCTF stands out as a prime starting point. While I've covered numerous topics on Stackzero.net, today's focus is a step-by-step guide to ease your PicoCTF registration process. After mastering the basics of cybersecurity, it's time to test those skills. And what better platform than PicoCTF?...
StackZero is a specialized technical blog dedicated to the realm of cybersecurity. It primarily provides insightful articles and comprehensive tutorials designed to educate readers on developing security tools. The blog encompasses a broad spectrum of subjects, starting from the foundational principles of cryptography and extending to more sophisticated areas such as exploitation and reverse engineering. This makes StackZero an invaluable resource for both beginners and professionals in the field of cybersecurity.
The blog covers a wide range of topics, from the basics of cryptography to the more advanced topics of exploitation and reverse engineering.