Estimated difficulty: 4/5. Hulk, smash? Stacks, that is! Welcome to another strictly hax-themed blog, and something a little out of my comfort zone I must say – so if there are any constructive criticisms or feedback… Please let me know! This month we are covering the basics of stack smashing…
Understanding Unix File Permissions
Estimated difficulty: ππ€π€ If you are a newbie in security and want to start learning about Unix, then this is a great post for you. This will be a quick fire post on file permissions. What do they mean and some of the vulnerabilities you might spot out in the…
Zoning Out: An Introduction to DNS Zone Transfers
Estimated difficulty: 2/5. DNS (Domain Name System) zone transfers are used to help replicate databases across different domain servers, allowing administrators to modify or edit records easily by implementing the changes on one server and copying the changes to the others. Zone transfers are completed using the AXFR protocol, and…
Deauth Yourself: How to Build a Deauthenticator
Estimated difficulty: 1/5. Welcome to the wonderful world of hardware. This blog post is a walkthrough of how to build a deauthenticator; a pocket-sized tool that you can create to kick a device off of a network (especially good to know for April fools, or if you just want…
Light ’em Up: An Introduction to LiDAR
Estimated difficulty: 2/5. It’s been a while since I’ve written about zoom hax, if you’re new to Security Queens – you can find my last blog post on hacking cars via the Controller Area Network (CAN) here. Instead of focusing on physical CAN bus hacking, this blog post will do…
There Ain’t No Party Like an EC2 Party: Creating Your Website
Estimated difficulty: 2/5. So you have decided to host a website on your EC2 instance? Samesies! If you still aren’t sure where to start with hosting, then check out my previous post. When it comes to creating a website, there is a shopping list of things that you…
Tickets Please: Kerberoasting 101
Estimated difficulty: 4/5. So as my own personal learning journey into the land of mad hax, I thought I would document something Windows-y for a change (something completely out of my comfort zone…). This is the blog no-one necessarily asked for, but I feel would be hugely beneficial to those…
There Ain’t No Party Like an EC2 Party: Securing Your AWS Instance
Estimated difficulty: 2/5. In this post, we are slightly diverging from the original MOBster series and taking a look at Amazon Web Services (AWS). This is the first of two posts that will walk you through hosting and building a simple website… Yes, the web dev bug has…
Drop it Like it’s Hot: SQLi 101
Estimated difficulty: 3/5. Continuing our journey into the land of web hax, this week (as requested by the world of Twitter) we are covering SQL injection basics. What is SQL? SQL stands for Structured Query Language and is commonly used by various applications to interact with a database, usually submitting…
MOBster4: Insecure Authentication
Estimated difficulty: 4/5. We are continuing on our quest to conquer the OWASP Mobile Top 10, and if you have been following this series then congratulations, you have made it to M4: Insecure Authentication! This post is going to delve into the world of how mobile apps can use weak…