r/ethicalhacking

▲ 2 r/ethicalhacking+1 crossposts

I spent $100 on my 8 year old laptop instead of buying a new one. Was it the right decision?

So, I always wanted to go into cybersecurity because I found it interesting, now that I am going to college from next month. I do have some knowledge about cybersecurity and thought maybe as a beginner you don't require an $800 laptop for learning it.

Since RAM and SSD prices are at an all-time high, I thought maybe waiting a year or two is the right choice. And also I didn't want to buy the wrong laptop.

So the $100 spend was for:

RAM upgrade 4 → 8 GB

New SSD 256 GB

And new battery for laptop

Can anyone tell me if it was a good decision or not?

u/whatguyy — 3 days ago

Cell phones — spoofable, but used for 2FA

How is it that a cellular device that's spoofable can also be safe enough to be used to deliver information needed to authenticate 2FA?

u/d0ugparker — 5 days ago
▲ 27 r/ethicalhacking+2 crossposts

VisualSploit is a small CLI tool I built demonstrating how an attacker can trivially backdoor VS project files with custom shellcode. The project came out of my research and interest in supply chain attacks (especially with their growing relevance), but the technique itself isn't novel. RoslynCodeTaskFactory plus InitialTargets has been written about since subTee, and a few details line up nicely when you use it as a delivery vector for cloned repos.

Give it any .csproj, .vbproj, Directory.Build.props, or Directory.Build.targets along with a shellcode blob, and it injects an inline task that runs the shellcode every time the project is built, restored, or even just opened in Visual Studio. Visual Studio runs design-time builds for IntelliSense the moment you open a folder, and Microsoft treats those as full execution. Files coming through git clone don't carry Mark of the Web, so the "trust this project" prompt that fires for normal downloads never shows up. And Directory.Build.props is imported automatically by every project beneath it, so a single injected file at the repo root reaches the whole subtree the moment the folder opens. If you don't already know, don't trust Visual Studio project files (or anything you can download from the internet, for that matter) blindly.

The loader itself is pretty unremarkable. It XORs the shellcode with configurable rounds and a fresh random key per round, allocates an RWX page with VirtualAlloc, spawns a thread on it, and waits. Variable names in the emitted C# are randomized, with an optional seed for reproducible output across runs.

Anyways, thanks for reading, and hopefully some people find this as interesting as I do :)

GitHub: https://github.com/Meltedd/VisualSploit

u/0xmaxhax — 10 days ago
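
A defender-side check for the pattern the post above describes, added here as an example (not code from the post or from the VisualSploit repository): it scans a cloned tree for the file types the post lists and flags inline-task declarations and any InitialTargets entry that invokes one. The function names and the sample project are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from pathlib import Path
# File types the post lists as injection points.
MSBUILD_NAMES = {"directory.build.props", "directory.build.targets"}
MSBUILD_EXTS = {".csproj", ".vbproj"}
INLINE_FACTORIES = {"roslyncodetaskfactory", "codetaskfactory"}

def local(tag):
    """Drop the XML namespace that old-style project files carry."""
    return tag.rsplit("}", 1)[-1]

def audit_msbuild_xml(data):
    """Return findings for one MSBuild file (str or bytes)."""
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        return [f"unparseable XML ({exc}); review by hand"]
    findings, inline = [], set()
    for el in root.iter():
        factory = el.get("TaskFactory", "")
        if local(el.tag) == "UsingTask" and factory.lower() in INLINE_FACTORIES:
            name = el.get("TaskName", "").rsplit(".", 1)[-1]
            inline.add(name)
            findings.append(f"inline task '{name}' via {factory}")
    initial = {t.strip() for t in root.get("InitialTargets", "").split(";")}
    for target in root.iter():
        if local(target.tag) == "Target" and target.get("Name") in initial:
            called = sorted({local(c.tag) for c in target} & inline)
            if called:
                findings.append(f"InitialTargets runs '{target.get('Name')}' -> {called}")
    return findings

def audit_tree(repo_root):
    """Scan a cloned repo before opening it in an IDE; returns {path: findings}."""
    report = {}
    for p in Path(repo_root).rglob("*"):
        if p.is_file() and (p.name.lower() in MSBUILD_NAMES or p.suffix.lower() in MSBUILD_EXTS):
            found = audit_msbuild_xml(p.read_bytes())
            if found:
                report[str(p)] = found
    return report

# Constructed sample: a benign project with the same shape (task body omitted).
SAMPLE = """<Project InitialTargets="Prep">
  <UsingTask TaskName="Helper" TaskFactory="RoslynCodeTaskFactory">
    <Task><Code Type="Class" Language="cs"><!-- body omitted --></Code></Task>
  </UsingTask>
  <Target Name="Prep"><Helper /></Target>
</Project>"""
```

An inline-task finding without a matching InitialTargets entry still deserves a manual look, since MSBuild has other ways to schedule a target.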

As the title says, I am able to crack and play offline video DRM encryption of a popular e-learning platform. Trying to be ethical, how can I disclose this to the company and get some money in an anonymous way?

u/GotBanned3rdTime — 12 days ago
▲ 6 r/ethicalhacking+1 crossposts

Hello fellow Metasploit users.
I saw this video (https://www.youtube.com/watch?v=ccZMaawyaPY) [I know it has some flaws with the https] and it inspired me to plug in my USB with Kali on it again. I know the basics of nmap etc. but nothing about Metasploit.
Do you know good tutorials about Metasploit? Or how you have learnt it would be interesting.

u/Key_Scale5209 — 14 days ago