<?xml version="1.0" encoding="utf-8" standalone="yes"?><?xml-stylesheet href="/rss.xsl" type="text/xsl"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>SerHack - Security Researcher</title><link>https://serhack.me/</link><description>Recent content on SerHack - Security Researcher</description><generator>Olivetti-CMS</generator><language>en</language><atom:link href="https://serhack.me/index.xml" rel="self" type="application/rss+xml"/><item><title>Analysis of a Redline Based Malware</title><link>https://serhack.me/articles/analysis-redline-based-malware/</link><pubDate>Wed, 22 Mar 2023 00:00:00 +0000</pubDate><guid>https://serhack.me/articles/analysis-redline-based-malware/</guid><description>In recent months, there have been increasing attempts to spread malware via some seemingly &amp;lsquo;harmless&amp;rsquo; programs, luring the user through rewards such as sending money with cryptocurrency or NFT-themed gifts. The unsuspecting user by running an &amp;lsquo;innocent&amp;rsquo; executable to access prizes becomes part of a botnet.
In this post, I would like to analyse in some detail the &amp;lsquo;Redline-EDIRA&amp;rsquo; malware campaign that has been going on since around the beginning of May 2022. -<a href="https://serhack.me/articles/analysis-redline-based-malware/">Continue to read the article on SerHack.me</a></description></item><item><title>Reverse Engineering the OMNIVISION OS12D40 Driver</title><link>https://serhack.me/articles/reverse-engineering-omnivision-os12d40-driver/</link><pubDate>Wed, 07 Dec 2022 00:00:00 +0000</pubDate><guid>https://serhack.me/articles/reverse-engineering-omnivision-os12d40-driver/</guid><description>In Part 6 of our series, we structured a theoretical discussion regarding the devices, how they communicate, and the hardware elements that enable this.
Another very interesting folder that we come across during our investigation is /lib, which includes all the libraries for executables and device drivers developed by Novatek that allow the operating system to properly configure and set up all the hardware devices connected to the board. To begin, let&amp;rsquo;s introduce the topic by explaining what device drivers are and how they work on Linux-based systems. -<a href="https://serhack.me/articles/reverse-engineering-omnivision-os12d40-driver/">Continue to read the article on SerHack.me</a></description></item><item><title>Techniques for Setting up Peripherals via PIO and DMA</title><link>https://serhack.me/articles/techniques-setting-up-pheripherals-dma-pio/</link><pubDate>Wed, 30 Nov 2022 00:00:00 +0000</pubDate><guid>https://serhack.me/articles/techniques-setting-up-pheripherals-dma-pio/</guid><description>In Part 5 of our series, we focused our efforts on understanding how the firmware was structured. In doing so, we analyzed the folder with the system executables and delved into the various configuration files.
Before tackling the analysis of a device driver, we need to focus on some hardware aspects that will come in handy for this article. These aspects include the management of peripherals and input/output devices. -<a href="https://serhack.me/articles/techniques-setting-up-pheripherals-dma-pio/">Continue to read the article on SerHack.me</a></description></item><item><title>Exploring the Operating System of Reolink RLC-810A</title><link>https://serhack.me/articles/operating-system-reolink-rlc-810-a/</link><pubDate>Wed, 23 Nov 2022 00:00:00 +0000</pubDate><guid>https://serhack.me/articles/operating-system-reolink-rlc-810-a/</guid><description>In Part 4 of our series, we focused on the file system and before concluding, we were able to extract files from two UBIFS images contained within the firmware. Here in Part 5, we will try to better understand the structure of the root file system by introducing some basic concepts of the operating system used by Reolink RLC-810A, namely Linux.
Why Linux? Linux kernel is one of the most widely used operating systems in the world, if not the first by popularity. -<a href="https://serhack.me/articles/operating-system-reolink-rlc-810-a/">Continue to read the article on SerHack.me</a></description></item><item><title>Understanding the UBI File System in Embedded Devices</title><link>https://serhack.me/articles/understanding-ubi-file-system-embedded-devices-reolink/</link><pubDate>Wed, 16 Nov 2022 00:00:00 +0000</pubDate><guid>https://serhack.me/articles/understanding-ubi-file-system-embedded-devices-reolink/</guid><description>In Part 3 of our series, we explored the hardware device elements of the Reolink RLC-810A ― focusing on the NAND memory. We continue with Part 4 of our exploration into an IP camera firmware through introducing the concept of a file system. Furthermore, we will explore the technical reasons for choosing the UBI File System (UBIFS), a file system used especially for a category of mass storage, and we will unpack the UBIFS part using the ubi-extract tool. -<a href="https://serhack.me/articles/understanding-ubi-file-system-embedded-devices-reolink/">Continue to read the article on SerHack.me</a></description></item><item><title>Dissecting Reolink RLC-810A Hardware: A Detailed View</title><link>https://serhack.me/articles/dissecting-reolink-rlc810a-hardware-detailed-view/</link><pubDate>Wed, 09 Nov 2022 00:00:00 +0000</pubDate><guid>https://serhack.me/articles/dissecting-reolink-rlc810a-hardware-detailed-view/</guid><description>Now that we know how device booting works, let&amp;rsquo;s try to extract some parts from the firmware that we downloaded in Part 1 of our series. Here, we are interested in two main sections: the Linux kernel (which takes care of booting the device services) and the flattened device tree (which allows the kernel to know the hardware configuration a priori without inspecting each device).
During the course of this article, we will also proceed as hardware manufacturers and, with a critical eye, comment on each choice made by the manufacturer. -<a href="https://serhack.me/articles/dissecting-reolink-rlc810a-hardware-detailed-view/">Continue to read the article on SerHack.me</a></description></item><item><title>Booting an Embedded OS: the Booting and U-Boot Phase</title><link>https://serhack.me/articles/os-embedded-booting-phase-uboot/</link><pubDate>Wed, 02 Nov 2022 00:00:00 +0000</pubDate><guid>https://serhack.me/articles/os-embedded-booting-phase-uboot/</guid><description>In the first post, we introduced embedded devices and started to scour through and extract information from Reolink IP camera firmware. At the end of the post, we ran Binwalk, which showed various types of files such as Flattened Device Tree, uImage Header, and UBI File System.
For the second article in this Reolink series, we are going to introduce the theory regarding the various stages of booting the operating system and explore the different types of files. -<a href="https://serhack.me/articles/os-embedded-booting-phase-uboot/">Continue to read the article on SerHack.me</a></description></item><item><title>Introduction to Firmware Analysis of a Reolink IP Camera</title><link>https://serhack.me/articles/introduction-firmware-analysis-ip-camera-reolink/</link><pubDate>Wed, 26 Oct 2022 00:00:00 +0000</pubDate><guid>https://serhack.me/articles/introduction-firmware-analysis-ip-camera-reolink/</guid><description>Embedded devices continue to increase in popularity and one category, in particular, that has become en vogue as of late is the Internet of Things (IoT). The emergence of these next generation technologies has driven the home automation evolution from simple light bulbs to cloud-connected printers, smart refrigerators, etc.
However, this evolution has some disadvantages: The perennial need to be connected to the Internet and an increase in the potential attack surface. -<a href="https://serhack.me/articles/introduction-firmware-analysis-ip-camera-reolink/">Continue to read the article on SerHack.me</a></description></item><item><title>The Story Behind the Alternative Genesis Block of Bitcoin</title><link>https://serhack.me/articles/story-behind-alternative-genesis-block-bitcoin/</link><pubDate>Thu, 06 Oct 2022 00:00:00 +0000</pubDate><guid>https://serhack.me/articles/story-behind-alternative-genesis-block-bitcoin/</guid><description>In this article, I attempt to explain the early source code of Bitcoin and make correlations with the source code currently in use. My intent is to help you better understand the early details regarding the history of Bitcoin and the enigmatic figure of Satoshi Nakamoto. As far as newcomers to Bitcoin or to the blockchain space are concerned, this may be a fairly complex article to understand as my target audience are average and more experienced users. -<a href="https://serhack.me/articles/story-behind-alternative-genesis-block-bitcoin/">Continue to read the article on SerHack.me</a></description></item><item><title>Unveiling the Anonymous Author: Stylometry Techniques</title><link>https://serhack.me/articles/unveiling-anonymous-author-stylometry-techniques/</link><pubDate>Thu, 03 Mar 2022 00:00:00 +0000</pubDate><guid>https://serhack.me/articles/unveiling-anonymous-author-stylometry-techniques/</guid><description>One of the techniques that fascinates me most about writing is textual analysis, which includes semantics (the meaning of words) and syntax (the use of signs and letters to construct sentences).
Throughout history, both classical and modern, there are numerous examples of authors who wanted to keep their identity hidden. At a first glance, it might seem quite simple to create anonymity: You write the text and invent a name for an author. -<a href="https://serhack.me/articles/unveiling-anonymous-author-stylometry-techniques/">Continue to read the article on SerHack.me</a></description></item><item><title>Analyzing the Mario Themed Malware</title><link>https://serhack.me/articles/analyzing-mario-malware-en/</link><pubDate>Fri, 01 Oct 2021 00:00:00 +0000</pubDate><guid>https://serhack.me/articles/analyzing-mario-malware-en/</guid><description>If you were a child with a Nintendo DS like myself, growing up you will undoubtedly have played (for countless hours) video games from the Mario series. Appearing for the first time in &amp;ldquo;Donkey Kong&amp;rdquo;, Mario is the undisputed protagonist of the video game brand of the Nintendo development house ― from sports to cars, most of the famous video games produced by Nintendo have Mario as the main character. -<a href="https://serhack.me/articles/analyzing-mario-malware-en/">Continue to read the article on SerHack.me</a></description></item><item><title>What is SerHack doing now?</title><link>https://serhack.me/now/</link><pubDate>Fri, 14 May 2021 00:00:00 +0000</pubDate><guid>https://serhack.me/now/</guid><description>I am currently devoting day and night to pursuing a degree in Computer Science. If you are wondering about my projects, I am spending hours upon hours improving this blog, publishing an article about every month. Sometimes I devote myself to solving problems on Monero&amp;rsquo;s payment gateways.
What is this page? -<a href="https://serhack.me/now/">Continue to read the article on SerHack.me</a></description></item><item><title>How to Measure Execution Time of a Program</title><link>https://serhack.me/articles/measure-execution-time-program/</link><pubDate>Sat, 24 Apr 2021 00:00:00 +0000</pubDate><guid>https://serhack.me/articles/measure-execution-time-program/</guid><description>Measuring the performance of a program means keeping track of the consumption of resources used by the program.
In addition to simple technical performance, such as looking closely at RAM and CPU, it is useful to monitor the execution time of a certain task. Tasks such as increasing sorting of a set of values can take a long time depending on the algorithm used.
Before delving into optimizing an algorithm, it is useful to understand how to measure the execution time of a program. -<a href="https://serhack.me/articles/measure-execution-time-program/">Continue to read the article on SerHack.me</a></description></item><item><title>Assemble, Verify and Execute a Program</title><link>https://serhack.me/courses/asm/assemble-check-run-program-assembly/</link><pubDate>Mon, 05 Apr 2021 00:00:00 +0000</pubDate><guid>https://serhack.me/courses/asm/assemble-check-run-program-assembly/</guid><description>Assembly program creation The process of creating an Assembly program goes through the following steps:
Writing one or more ASCII files (extension .s) containing the source program, using an ordinary text editor. Assembly of the source files, and generation of the object files (extension .o), using an assembler. Creation of the executable file, via a linker. Verification of operation and correction of any errors, via a debugger. Assembler The Assembler transforms files containing the source program into as many object files containing machine language code. -<a href="https://serhack.me/courses/asm/assemble-check-run-program-assembly/">Continue to read the article on SerHack.me</a></description></item><item><title>An Introduction to Cryptocurrency Wallets: Which Wallet Type Suits You Best?</title><link>https://serhack.me/articles/introduction-cryptocurrency-wallets/</link><pubDate>Mon, 29 Mar 2021 00:00:00 +0000</pubDate><guid>https://serhack.me/articles/introduction-cryptocurrency-wallets/</guid><description>As the blockchain and digital asset ecosystem continues to blossom and produce revolutionary technologies that may potentially be the driving forces of the Fourth Industrial Revolution, newcomers to the space are considering what storage options are available for assets such as cryptocurrencies and crypto tokens.
Since the launch of Bitcoin in January 2009, we have seen an evolution in the functionality and security of different wallet types that have been brought to market over the years. -<a href="https://serhack.me/articles/introduction-cryptocurrency-wallets/">Continue to read the article on SerHack.me</a></description></item><item><title>Introduction to Assembly Language</title><link>https://serhack.me/courses/asm/introduction-assembly-language-first-part/</link><pubDate>Mon, 22 Mar 2021 00:00:00 +0000</pubDate><guid>https://serhack.me/courses/asm/introduction-assembly-language-first-part/</guid><description>In the first part of this course, we are going to introduce some rudiments of Assembly, focusing on basic programming concepts and comparing compilation to assembly.
What is Assembly Language? Assembly language is a low-level programming language for a computer. A low-level programming language means that the instructions are basic and the computer can easily recognize what it is told to do. Using the assembler, assembly language can be converted to machine language, which is the lowest level language. -<a href="https://serhack.me/courses/asm/introduction-assembly-language-first-part/">Continue to read the article on SerHack.me</a></description></item><item><title>FAQ for Assembly course</title><link>https://serhack.me/courses/asm/faq/</link><pubDate>Sun, 21 Mar 2021 00:00:00 +0000</pubDate><guid>https://serhack.me/courses/asm/faq/</guid><description>A collection of the most diverse questions I have received via email that might be helpful before tackling the course.
What knowledge is required? In order to face the course with serenity and not to go crazy at the first lines of code, it is necessary to have a basic knowledge of computer architecture (the basic components) and iterative programming. The notions will be covered as the reader gets deeper into the course; otherwise Google is your friend! -<a href="https://serhack.me/courses/asm/faq/">Continue to read the article on SerHack.me</a></description></item><item><title>Chapter 1: Introduction to Hugo</title><link>https://serhack.me/courses/gohugo/introduction-gohugo/</link><pubDate>Sun, 14 Mar 2021 00:00:00 +0000</pubDate><guid>https://serhack.me/courses/gohugo/introduction-gohugo/</guid><description>In this first chapter we will begin to cover static, dynamic, and GoHugo sites. We will introduce the differences between the various technologies, and next we will explain what Hugo is.
Difference between dynamic and static sites Unlike dynamic sites, static sites have little or no dependence on databases and application servers, and thus provide greater security, faster loading speed and better performance for end users. Maintaining and manually updating each page of a static site is cumbersome. -<a href="https://serhack.me/courses/gohugo/introduction-gohugo/">Continue to read the article on SerHack.me</a></description></item><item><title>Intel 80x86 Architecture</title><link>https://serhack.me/courses/asm/architecture-intel-80x86/</link><pubDate>Mon, 01 Mar 2021 00:00:00 +0000</pubDate><guid>https://serhack.me/courses/asm/architecture-intel-80x86/</guid><description>Von Neumann architecture This basic model of a computer as a processing unit that receives input, communicates with a memory and produces output is known as the von Neumann architecture, named after the first computer scientist John von Neumann. In this architecture, the processor itself consists of several specialized parts:
The arithmetic logic unit (ALU)-the central processing unit capable of performing mathematical and logical operations.
The control unit that directs the movement of instructions in and out of the processor and sends control signals to the ALU so that it performs the correct operation at a given time. -<a href="https://serhack.me/courses/asm/architecture-intel-80x86/">Continue to read the article on SerHack.me</a></description></item><item><title>A Beginner’s Guide to Getting Started with Bitcoin</title><link>https://serhack.me/articles/getting-started-with-bitcoin/</link><pubDate>Wed, 10 Feb 2021 00:00:00 +0000</pubDate><guid>https://serhack.me/articles/getting-started-with-bitcoin/</guid><description>A man looks for Bitcoin Oasis
If you have heard about blockchain or cryptocurrency, then the term that initially comes to mind is Bitcoin. Launched 12 years ago, it was the late 2017 bull run that created a media frenzy that propelled Bitcoin into the mainstream and our modern day lexicon.
Often labeled as the “original” cryptocurrency, Bitcoin has been the catalyst (directly and/or indirectly) behind many new innovations in the blockchain and digital asset space, most notably Ethereum and Monero. -<a href="https://serhack.me/articles/getting-started-with-bitcoin/">Continue to read the article on SerHack.me</a></description></item><item><title>How to Write a Technical Book</title><link>https://serhack.me/articles/how-to-write-technical-book/</link><pubDate>Thu, 07 Jan 2021 00:00:00 +0000</pubDate><guid>https://serhack.me/articles/how-to-write-technical-book/</guid><description>For some people, publishing a book represents a dream, or lifelong goal, whereby they share a particular experience or subject matter expertise.
In narrative books, behind every story, there is a moral that is often hidden and not always easy to understand. With more “technical” books, it is different ― as it goes beyond simply sharing. More specifically, writing a technical book means being a point of reference with regard to a particular topic. -<a href="https://serhack.me/articles/how-to-write-technical-book/">Continue to read the article on SerHack.me</a></description></item><item><title>How to React to the Ledger Data Breach: 5 Recommendations</title><link>https://serhack.me/articles/how-to-react-data-breach-ledger/</link><pubDate>Mon, 21 Dec 2020 00:00:00 +0000</pubDate><guid>https://serhack.me/articles/how-to-react-data-breach-ledger/</guid><description>If you think you are amongst the users affected by the latest Ledger data breach, it is important not to panic! Follow a few simple steps and you can check the extent of the damage and keep an eye on the security of your account.
What are Data Breaches? One of the unfortunate side effects of the modern, Internet-connected world is the data breach ― an uncontrolled leak of data and/or information. -<a href="https://serhack.me/articles/how-to-react-data-breach-ledger/">Continue to read the article on SerHack.me</a></description></item><item><title>Convos: A Persistent Self-Hosted Web Client for IRC</title><link>https://serhack.me/articles/convos-web-client-persistent-irc/</link><pubDate>Fri, 18 Dec 2020 00:00:00 +0000</pubDate><guid>https://serhack.me/articles/convos-web-client-persistent-irc/</guid><description>Throughout 2020, in large part due to the lockdown, many people have started to become familiar with internal communication tools. Microsoft Teams, Slack, Telegram, Mattermost, and a few others are the most widely used and recognizable of these tools, but there still seems to be some people using Internet Relay Chat (IRC) ― one of the first online messaging services.
Many of the widely used international communication tools have been inspired by IRC, which is gradually falling into disuse due to the modern UI and UX and additional features being offered by these more well-known messaging applications. -<a href="https://serhack.me/articles/convos-web-client-persistent-irc/">Continue to read the article on SerHack.me</a></description></item><item><title>A Practical Analysis of the Ledger Phishing Email</title><link>https://serhack.me/articles/practical-analysis-ledger-phishing-email/</link><pubDate>Mon, 02 Nov 2020 00:00:00 +0000</pubDate><guid>https://serhack.me/articles/practical-analysis-ledger-phishing-email/</guid><description>Attempts at phishing and social engineering attacks have increased exponentially as of late, especially towards users who are active in the cryptocurrency space. Recently, there has been much discussion about a cunning attempt by phishers against Ledger and its users.
In this article, we&amp;rsquo;ll dissect:
How Ledger devices secure your Bitcoin and other cryptocurrencies What makes it, and other hardware wallets, vulnerable to phishing attacks Exactly how this phishing attack was executed, from spoofing the email to obtaining the assets The mechanisms attackers used to entice victims to install a fake client update How the client worked, from high-level concept to the internals of the Electron App What made it all possible: Where the attackers obtained the data, and the lackluster disclosure A note of caution: Never share the seed or private keys of your wallet! -<a href="https://serhack.me/articles/practical-analysis-ledger-phishing-email/">Continue to read the article on SerHack.me</a></description></item><item><title>Phishing: Persuading People through a Voice Synthesized by AI - Part 1</title><link>https://serhack.me/articles/persuading-people-through-voice-ai-phishing-part-1/</link><pubDate>Mon, 12 Oct 2020 00:00:00 +0000</pubDate><guid>https://serhack.me/articles/persuading-people-through-voice-ai-phishing-part-1/</guid><description>I get between 10 to 20 emails per day and, usually, more than half of them are phishing attempts. Phishing attempts are a type of email scam that typically aims to obtain personal data of the victim, including username and password for email accounts and popular services (Gmail, Hotmail, mail.ru, Twitter, Amazon, etc.), through pages forged ad hoc to simulate login sections.
&amp;ldquo;Your account has been blocked for security checks. -<a href="https://serhack.me/articles/persuading-people-through-voice-ai-phishing-part-1/">Continue to read the article on SerHack.me</a></description></item><item><title>What is Stealth Address technology and Why Does Monero Use It?</title><link>https://serhack.me/articles/what-is-stealth-address-technology-monero/</link><pubDate>Wed, 16 Sep 2020 00:00:00 +0000</pubDate><guid>https://serhack.me/articles/what-is-stealth-address-technology-monero/</guid><description>Monero Stealth Address
Monero is based on the CryptoNote protocol and utilizes the most powerful cryptographic techniques in an effort to protect the privacy of the sender, recipient, and obfuscate the amount transacted.
To protect the sender’s privacy, Ring Signatures has been implemented to prevent transaction inputs from being distinguishable from one another. Ring Confidential Transactions (RingCT), which hides transaction amounts, was implemented in block #1220516 during January 2017 and since September 2017, this feature became mandatory for all transactions on the Monero network. -<a href="https://serhack.me/articles/what-is-stealth-address-technology-monero/">Continue to read the article on SerHack.me</a></description></item><item><title>Monitoring Your Own Infrastructure Using Grafana, InfluxDB, and CollectD</title><link>https://serhack.me/articles/monitoring-infrastructure-grafana-influxdb-connectd/</link><pubDate>Tue, 21 Jul 2020 00:00:00 +0000</pubDate><guid>https://serhack.me/articles/monitoring-infrastructure-grafana-influxdb-connectd/</guid><description>For some companies, infrastructure is the heart of its business. Specifically, I am referring to those companies which need to manage data and applications located on more than one server.
It is essential for a company to monitor its infrastructure nodes, especially if the company does not have on-site access to intervene when issues arise. In fact, the intensive use of some resources can be an indication of malfunctioning or overcrowding. -<a href="https://serhack.me/articles/monitoring-infrastructure-grafana-influxdb-connectd/">Continue to read the article on SerHack.me</a></description></item><item><title>Credits</title><link>https://serhack.me/credits/</link><pubDate>Fri, 24 Apr 2020 00:00:00 +0000</pubDate><guid>https://serhack.me/credits/</guid><description>This page was created to celebrate all the contributors and people who helped SerHack in the last few years. There are a few people who incredibly helped me in creating, developing and working on the website.
Christoph Ono Christoph Ono is the designer behind my theme and my website. From fonts to colors, every single detail has been composed by him! He is a UX and digital product designer based in Munich, Germany. -<a href="https://serhack.me/credits/">Continue to read the article on SerHack.me</a></description></item><item><title>The Myth of Privacy and End-to-End Encryption in Zoom</title><link>https://serhack.me/articles/the-myth-privacy-end-to-end-encryption-zoom/</link><pubDate>Thu, 02 Apr 2020 22:00:00 +0000</pubDate><guid>https://serhack.me/articles/the-myth-privacy-end-to-end-encryption-zoom/</guid><description>Zoom is a service to host meetings without the need to install and configure complicated applications: it is one of the many solutions for those who, during quarantine, want to keep in touch with friends and relatives.
In this last period of lockdown, Zoom is becoming popular because of how simple it is to host meetings, without a complicated setup. You share a link, and all the participants are connected. -<a href="https://serhack.me/articles/the-myth-privacy-end-to-end-encryption-zoom/">Continue to read the article on SerHack.me</a></description></item><item><title>Take off the Infrastructure of a Scammer: Cryptonder and Torowallet</title><link>https://serhack.me/articles/app-cryptonder-another-scam-chrome-extension/</link><pubDate>Fri, 13 Dec 2019 00:00:00 +0000</pubDate><guid>https://serhack.me/articles/app-cryptonder-another-scam-chrome-extension/</guid><description>On a rainy autumn day, I was contacted like many users by a suspicious individual on Telegram. He insisted on asking for the help of the user who had to recover his wallet which contained several bitcoins. Our &amp;ldquo;friend&amp;rdquo;, henceforth referred to as &amp;ldquo;M.&amp;rdquo;, insisted that the user has to register on the platform to be able to unlock his wallet at the price of 0.3 BTC.
At this point he invited the unsuspecting user to download a chrome extension and to sign up in a website. -<a href="https://serhack.me/articles/app-cryptonder-another-scam-chrome-extension/">Continue to read the article on SerHack.me</a></description></item><item><title>Monero Windows and Linux CLI Compromised: The Analysis of Binaries</title><link>https://serhack.me/articles/cli-binaries-compromised-monero-analysis/</link><pubDate>Wed, 20 Nov 2019 00:00:00 +0000</pubDate><guid>https://serhack.me/articles/cli-binaries-compromised-monero-analysis/</guid><description>As mentioned in the getmonero.org blog post, the binaries of Command Line Interface (CLI) of Monero were recently compromised.
For readers who are unaware of Monero, it is a cryptocurrency which aims to protect the financial privacy of its users. It is based on well-known technologies such as ring signatures and Confidential Transactions; I suggest reading Mastering Monero to better understand its fundamentals.
Before starting my post-mortem analysis, I’d like to highlight that - at the moment of writing - I have no idea of HOW the downloads. -<a href="https://serhack.me/articles/cli-binaries-compromised-monero-analysis/">Continue to read the article on SerHack.me</a></description></item><item><title>Introducing the New Website: From WordPress to Gohugo</title><link>https://serhack.me/articles/introducing-the-new-website/</link><pubDate>Sat, 02 Nov 2019 00:00:00 +0000</pubDate><guid>https://serhack.me/articles/introducing-the-new-website/</guid><description>At the beginning, I started my website on 14th May of 2017 when the recent Wannacry malware had appeared. My first post, in fact, was to discuss and to analyze the malware in more depth, explaining technical concepts to people who do not know anything about Windows and SMB.
In my life, I have met some people who constantly marked themselves as &amp;ldquo;expert&amp;rdquo; in Computer science, but after I asked them some basic questions, I understood that it was a lie. -<a href="https://serhack.me/articles/introducing-the-new-website/">Continue to read the article on SerHack.me</a></description></item><item><title>Unpacking ASIC firmware: AntMiner Exploited</title><link>https://serhack.me/articles/unpacking-asic-firmware-antminer-exploited/</link><pubDate>Sat, 18 May 2019 00:00:00 +0000</pubDate><guid>https://serhack.me/articles/unpacking-asic-firmware-antminer-exploited/</guid><description>Introduction Experts say cryptocurrencies (such as Bitcoin, Monero, and Ethereum) will be the protagonists of the future decentralized and distributed economic system. If this is true then one of the most debated topics in the field of cryptocurrency, how to verify payments while spending as little as possible in terms of resources, is especially important for cryptosecurity.
There are many verification methods. “Proof of Work” is an easy verification method to execute yet it’s extremely difficult to create. -<a href="https://serhack.me/articles/unpacking-asic-firmware-antminer-exploited/">Continue to read the article on SerHack.me</a></description></item><item><title>Privacy Policy</title><link>https://serhack.me/privacy/</link><pubDate>Sun, 21 Apr 2019 00:00:00 +0000</pubDate><guid>https://serhack.me/privacy/</guid><description>This site does not use any scripts to obtain information about the users who visit SerHack.me. Cloudflare might use some information about your connection, and every visit might be logged by your ISP.
This website does not use any scripts to obtain precious information from the users that read the articles. However, Cloudflare might use some of your information and every connection might be logged with your ISP too. Consider using a VPN or visiting the TOR blog. -<a href="https://serhack.me/privacy/">Continue to read the article on SerHack.me</a></description></item><item><title>Botnet analysis based on IRC network</title><link>https://serhack.me/articles/malware-botnet-irc-analysis/</link><pubDate>Mon, 18 Feb 2019 00:00:00 +0000</pubDate><guid>https://serhack.me/articles/malware-botnet-irc-analysis/</guid><description>With one of my many honeypots active around the world wide web, I discovered an interesting script written with the famous Perl programming language. This Perl script is malware used to remotely control a machine, opening what is technically called a backdoor. If this malicious program runs on multiple machines, there is a possibility that the attacker may have created a botnet.
First of all, a botnet is a network controlled by a bot master and composed of devices infected with specialized malware, called bots or zombies (&amp;ldquo;Computer zombie&amp;rdquo;). -<a href="https://serhack.me/articles/malware-botnet-irc-analysis/">Continue to read the article on SerHack.me</a></description></item><item><title>MyMonero Phishing – Reversing the fake Android app</title><link>https://serhack.me/articles/phishing-mymonero-app-android-fake/</link><pubDate>Fri, 04 Jan 2019 00:00:00 +0000</pubDate><guid>https://serhack.me/articles/phishing-mymonero-app-android-fake/</guid><description>I was surfing on Reddit quietly on a sunny day. I was busy since I had to work on many projects including Mastering Monero. At one point, I noticed a new user thread asking if there ever was a MyMonero app for Android.
First of all, MyMonero is a private business founded by fluffypony who is the lead maintainer of the Monero cryptocurrency. At the moment, this service is managed by Paul Shapiro who is the official iOS developer and CEO. -<a href="https://serhack.me/articles/phishing-mymonero-app-android-fake/">Continue to read the article on SerHack.me</a></description></item><item><title>Mastering Monero first edition has been released</title><link>https://serhack.me/articles/mastering-monero-first-edition-has-been-released/</link><pubDate>Fri, 21 Dec 2018 00:00:00 +0000</pubDate><guid>https://serhack.me/articles/mastering-monero-first-edition-has-been-released/</guid><description>&amp;ldquo;Mastering Monero: The future of private transactions&amp;rdquo; is your guide through the world of Monero, a leading cryptocurrency with a focus on private and censorship-resistant transactions. This book contains everything you need to know to start using Monero in your business or day-to-day life, even if you&amp;rsquo;ve never understood or interacted with cryptocurrencies before.
Cryptocurrencies have revolutionized the financial landscape by allowing anybody with an internet connection to instantly access secure, robust, censorship-free systems for receiving, storing, and sending funds. -<a href="https://serhack.me/articles/mastering-monero-first-edition-has-been-released/">Continue to read the article on SerHack.me</a></description></item><item><title>Mastering Monero</title><link>https://serhack.me/books/mastering-monero/</link><pubDate>Thu, 20 Dec 2018 00:00:00 +0000</pubDate><guid>https://serhack.me/books/mastering-monero/</guid><description>Book overview Across these eight chapters, “Mastering Monero” can take a reader from a complete crypto novice to an informed crypto citizen that knows how to protect his or her privacy. This book takes you by the hand on an exploratory adventure, showing you the world of blockchains and crypto, before taking you on a private tour of the Monero protocol and systems.
Illustrations throughout the chapters make it easy for readers to understand the content visually. -<a href="https://serhack.me/books/mastering-monero/">Continue to read the article on SerHack.me</a></description></item><item><title>Ultimate Member User Profile &amp; Membership Plugin STORED XSS</title><link>https://serhack.me/articles/ultimate-member-xss-security-issue/</link><pubDate>Sat, 06 Oct 2018 00:00:00 +0000</pubDate><guid>https://serhack.me/articles/ultimate-member-xss-security-issue/</guid><description>Product: Ultimate Member – User Profile &amp;amp; Membership Plugin
Version: 2.0.27 or earlier
URL: https://wordpress.org/plugins/ultimate-member/
Potential users affected: 100.000+
CVE : CVE-2018-17866
Ultimate member Ultimate Member is one of the many user profile &amp;amp; membership plugins for WordPress. The plugin makes it a breeze for users to sign-up and become members of your website. The plugin allows you to add user profiles to your site and is suitable for creating advanced online communities and membership sites. -<a href="https://serhack.me/articles/ultimate-member-xss-security-issue/">Continue to read the article on SerHack.me</a></description></item><item><title>FontStruct - Break the Font InfraSTRUCTure!</title><link>https://serhack.me/articles/fontstruct-xss-break-the-font-en/</link><pubDate>Sun, 30 Sep 2018 00:00:00 +0000</pubDate><guid>https://serhack.me/articles/fontstruct-xss-break-the-font-en/</guid><description>The website FontStruct allows even novice users to create their own personal font from scratch. A very simplified procedure: you sign up and you are ready to compose your font. Everything is offered through a simple interface as a free service. Not bad for a free service!
Unfortunately, the developer who set up this service has not thought very well about security, repeatedly implementing stratagems that only work for some specific cases. -<a href="https://serhack.me/articles/fontstruct-xss-break-the-font-en/">Continue to read the article on SerHack.me</a></description></item><item><title>MEGA Chrome Extension Hacked - Detailed Timeline of Events</title><link>https://serhack.me/articles/mega-chrome-extension-hacked/</link><pubDate>Tue, 04 Sep 2018 00:00:00 +0000</pubDate><guid>https://serhack.me/articles/mega-chrome-extension-hacked/</guid><description>TLDR; On 4 September at 14:30 UTC, an unknown attacker managed to hack into MEGA&amp;rsquo;s Google Chrome web store account and upload a malicious version 3.39.4 of an extension to the web store, according to a blog post published by the company. Upon installation or auto-update, the malicious extension asked for elevated permissions to access personal information, allowing it to steal login/register credentials from ANY websites like Amazon, Github, and Google, along with online wallets such as MyEtherWallet and MyMonero, and Idex. -<a href="https://serhack.me/articles/mega-chrome-extension-hacked/">Continue to read the article on SerHack.me</a></description></item><item><title>Deobfuscation and Understanding a Trojan Jscript</title><link>https://serhack.me/articles/deobfuscate-understand-trojan-jscript-en/</link><pubDate>Wed, 06 Jun 2018 00:00:00 +0000</pubDate><guid>https://serhack.me/articles/deobfuscate-understand-trojan-jscript-en/</guid><description>Over 50% of cyber attacks are executed through malware, whose job is to find a flaw to inject other types of viruses including malware, adware and much more. Knowing the computer remotely, it can spy on the screen and even crypt the files: a wrong click and you lose anything.
It is estimated that more than 100 malicious programs are built every week; there are companies that develop protections and security systems for this type of attack. -<a href="https://serhack.me/articles/deobfuscate-understand-trojan-jscript-en/">Continue to read the article on SerHack.me</a></description></item><item><title>Google Dorks: The Powerup for the Search Engine</title><link>https://serhack.me/articles/google-dorks-how-hacking/</link><pubDate>Wed, 16 May 2018 00:00:00 +0000</pubDate><guid>https://serhack.me/articles/google-dorks-how-hacking/</guid><description>It is estimated that Google has downloaded more pages than any other search engine in the field. With over billions of pages and a relatively low execution time, the popular Californian search engine is able to satisfy all research, both for educational purposes and for purely curiosity purposes.
The search engine is so powerful that it can categorize more than 15 million pages in less than a minute. But it was not always like this: in 1999 it took more than a month for such operation. -<a href="https://serhack.me/articles/google-dorks-how-hacking/">Continue to read the article on SerHack.me</a></description></item><item><title>Hackers Can Take Full Control of Online Compilers through a Common Exploit</title><link>https://serhack.me/articles/hackers-full-control-of-online-compilers-through-a-common-exploit/</link><pubDate>Wed, 18 Apr 2018 00:00:00 +0000</pubDate><guid>https://serhack.me/articles/hackers-full-control-of-online-compilers-through-a-common-exploit/</guid><description>Online compilers are a handy tool to save time and resources for coders, and are freely available for a variety of programming languages. They are useful for learning a new language and developing simple programs, such as the ubiquitous “Hello World” exercise. I often use online compilers when I am out, so that I don’t have to worry about locating and downloading all of the resources myself.
Since these online tools are essentially remote compilers with a web interface, I realized that I might be able to take remote control of the machines through command injection. -<a href="https://serhack.me/articles/hackers-full-control-of-online-compilers-through-a-common-exploit/">Continue to read the article on SerHack.me</a></description></item><item><title>Introduction to MoneroV and its Inherent Risks</title><link>https://serhack.me/articles/introduction-to-monerov-and-its-inherent-risks/</link><pubDate>Tue, 06 Mar 2018 00:00:00 +0000</pubDate><guid>https://serhack.me/articles/introduction-to-monerov-and-its-inherent-risks/</guid><description>The “MoneroV” coin is an impending unofficial fork of the Monero blockchain with many “red flag” characteristics that have alarmed the Monero community. Many users are wondering: could the MoneroV fork be a scam project? This article discusses risks for individuals claiming MoneroV, and describes how MoneroV opens an attack vector on the overall privacy of the Monero network itself.
Types of cryptocurrency forks The word “fork” is an umbrella term that describes several distinct processes in the cryptocurrency world, each with different goals and consequences. -<a href="https://serhack.me/articles/introduction-to-monerov-and-its-inherent-risks/">Continue to read the article on SerHack.me</a></description></item><item><title>How to Crash the iPhone with a Single Telugu Character</title><link>https://serhack.me/articles/crash-iphone-telugu-character-en/</link><pubDate>Tue, 20 Feb 2018 00:00:00 +0000</pubDate><guid>https://serhack.me/articles/crash-iphone-telugu-character-en/</guid><description>In recent years, Apple has been heavily criticized for the security implications of their market centralization and policy of irreversible operating system updates. Mobile device users are strongly pressured to install packaged iOS upgrades that cannot be rolled back. While this practice greatly increases security for most users, there is an inherent danger to this centralization.
Every flaw or weakness leaves over 100 million Apple device users vulnerable to exploitation for illegal purposes. -<a href="https://serhack.me/articles/crash-iphone-telugu-character-en/">Continue to read the article on SerHack.me</a></description></item><item><title>How I broke Envato Search Engine</title><link>https://serhack.me/articles/how-i-broke-envato-search-field/</link><pubDate>Thu, 05 Oct 2017 00:00:00 +0000</pubDate><guid>https://serhack.me/articles/how-i-broke-envato-search-field/</guid><description>How Envato managed two critical vulnerabilities discovered by me TLDR; Envato devs had not developed a strong filter in order to avoid any XSS attack, and I noticed that I could perform an XSS injection. I contacted Envato and, after some investigations, they discovered that my vulnerabilities were critical! They thanked me and patched the vulnerabilities within 5 business days. Good job Envato!!
How everything started Presently I am an Envato Author, web developer, and a security researcher. -<a href="https://serhack.me/articles/how-i-broke-envato-search-field/">Continue to read the article on SerHack.me</a></description></item><item><title>Developing a Keylogger: Hardware vs. Software Techniques</title><link>https://serhack.me/articles/development-keylogger-techniques-hardware-software/</link><pubDate>Fri, 26 May 2017 00:00:00 +0000</pubDate><guid>https://serhack.me/articles/development-keylogger-techniques-hardware-software/</guid><description>To celebrate 400+ visits to my blog after just 10 days (not bad, come on), I managed in my spare time to write another, very interesting article on another popular category of malware: keyloggers.
Keyloggers are a particularly insidious form of malware: they are software designed to monitor every key pressed on the keyboard of any device.
Unlike other malicious programs, therefore, they do not pose a danger to the system per se, but they can become a treacherous source of threat to users, since they can be used to intercept passwords, PINs, account numbers, and confidential information. -<a href="https://serhack.me/articles/development-keylogger-techniques-hardware-software/">Continue to read the article on SerHack.me</a></description></item><item><title>Technical Analysis of WannaCry Ransomware</title><link>https://serhack.me/articles/technical-analysis-ransomware-wannacry/</link><pubDate>Wed, 17 May 2017 00:00:00 +0000</pubDate><guid>https://serhack.me/articles/technical-analysis-ransomware-wannacry/</guid><description>By now, on the net, on TV and around the world, there is nothing but talk about WannaCrypt: ransomware, or malware that can encrypt all the files on one&amp;rsquo;s computer and demand a ransom for unlocking them.
It has infected between 500,000 and 600,000 computers in more than half the world. Attacked hospitals, businesses, in short general panic. You probably already know the story, that&amp;rsquo;s all people are talking about. -<a href="https://serhack.me/articles/technical-analysis-ransomware-wannacry/">Continue to read the article on SerHack.me</a></description></item><item><title>Hello world! I'm SerHack</title><link>https://serhack.me/articles/hello-world/</link><pubDate>Mon, 15 May 2017 00:00:00 +0000</pubDate><guid>https://serhack.me/articles/hello-world/</guid><description>Hello world, I am SerHack, I am a developer, a security researcher and writer, I mostly write about software backend and a security researcher. I am from Italy where the security of citizens data is not seen as a priority. When I started looking to the world of development, I was like 12 years old.
During these days, I saw how a developer is able to do almost everything with a personal computer and then I started my adventure and my project for entire life: become an excellent developer! -<a href="https://serhack.me/articles/hello-world/">Continue to read the article on SerHack.me</a></description></item><item><title>About Me</title><link>https://serhack.me/about/</link><pubDate>Sun, 14 May 2017 00:00:00 +0000</pubDate><guid>https://serhack.me/about/</guid><description>Despite his nickname, SerHack is not a hacker.
SerHack (SeərHæck) is a security researcher, developer, and writer. He started his career with development of payment gateways for a popular cryptocurrency. Since then he has reported several bugs and security issues, many of them CVE. He is widely known for reporting the MEGA incident and conducts different malware analyses. Additionally, SerHack contributes to the Monero project – a cryptocurrency focused on privacy. -<a href="https://serhack.me/about/">Continue to read the article on SerHack.me</a></description></item><item><title>Donate to SerHack</title><link>https://serhack.me/donate/</link><pubDate>Sun, 14 May 2017 00:00:00 +0000</pubDate><guid>https://serhack.me/donate/</guid><description>This page is for people who like my work and would like to boost my projects. At the moment, I&amp;rsquo;m writing the second edition of &amp;ldquo;Mastering Monero&amp;rdquo; and a new resource named &amp;ldquo;Breaking Cryptocurrencies&amp;rdquo;.
I have several ideas in my mind that need funding, so please don&amp;rsquo;t hesitate to contact me for more information. Thanks to your support, I&amp;rsquo;ve been able to realize this blog and the books I&amp;rsquo;ve mentioned earlier. -<a href="https://serhack.me/donate/">Continue to read the article on SerHack.me</a></description></item></channel></rss>