First of all let’s show the differences between the part of the internet that can be indexed by traditional search engines and easily accessible from the internet and the whole other “hidden” part. The entire web is divided into the following parts: Surface Web: it is the part of the web that is easily accessible… Continue reading What is the dark web and how to access it

Updating kernel in Gentoo Linux The kernel is the heart of an operating system. It provides secure and controlled hardware access to running processes. It can therefore be understood how important it is, in terms of IT security, to update the kernel. Here are the commands to update the kernel in Gentoo OS. Once you… Continue reading Updating kernel in Gentoo Linux

A little bit about Gentoo Linux In my opinion one of the most fascinating linux-based operating systems is Gentoo Linux. Any respected Nerd should have managed to install and update Gentoo as well as try to solve on their own the various problems that arise during the previous two phases. The main feature of this… Continue reading A little bit about Gentoo Linux

TryHackMe – Surfer writeup This is my TryHackMe – Surfer machine writeup. Scanning victim’s IP using “nmap” I find that ports 22 and 80 are open. Navigating the web site (port 80) I find a login page. Instead, using “dirb” I find many useful things including “robots.txt”. The content of “robots.txt” is: Disallow: /backup/chat.txt Then I browse “victim_IP/backup/chat.txt”… Continue reading TryHackMe – Surfer writeup

During a pentest on a web server it can certainly be useful to enumerate the victim’s domain to see if there are any subdomains, in order to test everything. To do this you can use the following main methods: — Dns zone transfer — With this method it is possible to take advantage of the… Continue reading How to enumerate subdomains

Many times, uploading a malicious file (such as a .php reverse shell) to the victim machine, and making it work, is not so obvious. The victim’s web administrator may have set filters to help determine the types of files that can be uploaded to their server. In fact, a good web administrator allows you to… Continue reading Hide malicious shell in image file

Intro When the attacker has managed to gain shell access to the victim’s machine, it is important to immediately understand what permissions he has. In other words, the user with whom the attacker accessed the victim may not be “root” (or administrator) and therefore may not have permission to do everything on that victim’s system.… Continue reading How to enumerate for privilege escalation

VPN stands for VIRTUAL PRIVATE NETWORK. VPN is a virtual network which guarantees privacy and increases security on browsing data.

Creating your own website is not something reserved for programmers and web designers. If you have some nice ideas that you would like to put online in the vast world of the internet, below I will list the various steps to do so, from registering a domain to finding a hosting service and installing and… Continue reading Create your own website with wordpress.org – starting from scratch

TryHackMe – Cold VVars This is my TryHackMe – Cold VVars machine writeup. Scanning victim’s IP using nmap tool to see open ports the result is: Browsing on port 8082 we can see that there is a website then I decided to scan it using “dirb”. So I found “login” section: Browsing in it: After a few tries… Continue reading TryHackMe – Cold VVars writeup