Security daily (02-05-2020)

Expand Your Coding Skill Set with This 10-Course Training Bundle

Whether you're looking to add a substantial coding foundation to your hacking skill set or want to get a job in programming and development, knowing one or two programming languages just isn't going to cut it.

If you're a regular Null Byte reader, you know that a lot of the hacks we show off rely upon a substratum of coding know-how. By understanding the fundamentals of JavaScript, you could build cookie stealers or defeat XSS filters. With Python, you can put together a brute-force tool for hashes or even take control of IoT devices. And Ruby can let you hack a MacBook with just one command... more (Null Byte « WonderHowTo)

How to Execute Hidden Python Commands in a One-Line Stager

A stager is a small piece of software that's typically used by malware to hide what's happening in the early stages of infection and to download a larger payload later.

We're going to explore how it works by creating a single line that downloads and runs potentially infinite lines of Python. An attacker could use this to hide a really suspicious, damaging payload in a way that a person who's just skimming through a new security tool might miss.

The way we're going to unpack this is by base-encoding our different commands in Base64 and then uploading it to a JSON object so we can pull it down... more (Null Byte « WonderHowTo)


/security-daily/ 03-05-2020 23:44:22