An introduction to the Bluetooth BR/EDR protocol. More articles will follow about the various security mechanisms implemented in Bluetooth for secure pairing, and about attacks against them.

Bluetooth is a low-power wireless communication technology operating in the 2.4 GHz range for short-distance data exchange between Bluetooth devices. Bluetooth was developed in 1994 as a replacement for cables and is specified by the Bluetooth Special Interest Group (SIG). The specification defines all the functionalities that must be implemented by the Bluetooth communication protocol.

Note that this article is limited to Bluetooth Basic Rate/Enhanced Data Rate (BR/EDR), which is also known as Bluetooth Classic. There…


While studying for the MS Azure Cloud Fundamentals exam AZ-900, I decided to share the summary that I wrote.

Load balancer

Load Balancer distributes traffic within the same region to make services and resources more available and resilient, which helps minimize downtime.
The load balancer can distribute traffic between multiple VMs to achieve high capacity, and it also improves resilience because it can automatically route traffic away from a (single) VM when that VM fails.

Distribution modes
By default, load balancers use a hash-based distribution algorithm:

A five-tuple hash is used by default to map traffic evenly among the available servers. In this distribution mode, the hash ensures that requests…


This article describes how to view and modify metadata (data about data) in a file, and more specifically in a PDF file.

Metadata

Running the following ExifTool command shows all the current metadata in the PDF file:

exiftool -all:all file.pdf

Removal of metadata from a PDF file can be considered an anti-forensic technique that limits the information the file contains about its creator. This reduces the footprint, which limits the reconnaissance capability of an attacking party.

Removal of metadata

ExifTool makes use of an incremental update technique to edit metadata.

exiftool -Title="This is the Title" -Author="Happy Man" -Subject="PDF…


In this post, a simple explanation is given of how to capture the Wi-Fi authentication handshake (in PSK, Pre-Shared Key, mode) and perform a dictionary attack to recover the password using Aircrack-ng.

WPA/WPA2 supports PSK (Pre-Shared Key) authentication among other methods, and PSK is the most widely used method in home and small office networks.

Capture the handshake

Make sure that your wireless card supports monitor mode, which allows you to see all the wireless traffic, including traffic not intended for your card.

Monitor mode

Start the wireless card in monitor mode on a specific channel using airmon-ng, which allows the card to listen to every…


A quick tutorial on SQL injection with the tool sqlmap


An SQL injection attack consists of two steps:

  1. Find a webpage vulnerable to SQL injections
  2. Exploit the vulnerable webpage with SQL injection

Find vulnerability

A webpage URL ending in /product.php?id=1 generates a query like

SELECT * FROM products WHERE id=1

To test whether a website is vulnerable, a single quote ' can be appended to the URL, giving /product.php?id=1', which generates an incorrect SQL query:

SELECT * FROM products WHERE id=1'

If some kind of error message is shown, this indicates that the website is vulnerable. When the webpage remains the same or isn’t found…


Using the OSINT reconnaissance tool SpiderFoot for cryptocurrency intelligence gathering

This article aims to show the SpiderFoot feature that scrapes bitcoin addresses from a website and queries their balances in an automated manner.

Once a bitcoin address is obtained, its balance can be freely queried on blockchain.com, together with more detailed information about the transactions to and from that wallet address.

The next section shows an example of how SpiderFoot can be used to find bitcoin addresses on a website and query their balances.


This article will demonstrate the practical usage of Hydra in a password attack against a web login on the DVWA web application.

The web application DVWA (Damn Vulnerable Web Application) is a deliberately vulnerable web app that infosec professionals can use to practice their testing skills. DVWA contains various vulnerabilities such as brute force, SQL injection, XSS, and many more. This article is limited to the brute-force vulnerability on a login webpage.

Log into DVWA and click the ‘Brute Force’ menu button on the left side to reach a webpage with a login form. Figure out the session ID cookie of the…


A quick tutorial on the usage of Nmap (“Network Mapper”), the most popular network scanning tool, used in the active reconnaissance phase against a remote target machine.

After gathering the IP address or hostname of the target machine (or the IP address range in the case of a network) during the passive reconnaissance phase, Nmap is often used in the scanning phase (active reconnaissance) to discover active hosts, open ports, and more detailed information about the running services and their application versions. Note that Nmap generates a lot of traffic that might trigger an alert on the target network.

Host discovery

Ping…


A quick tutorial for getting started with this Open Source Intelligence tool

This article will provide instructions to install and use the OSINT tool SpiderFoot for the first time. OSINT tools can be used to gather intelligence about IP addresses, domain names and email addresses from many data sources such as Shodan, Whois, “Have I Been Pwned” and many other public data sources. Note that all the results that can be obtained through the use of an OSINT tool can also be collected manually.

Besides the free version of this tool, an open-source project written in Python 3 that is available for download, there…


In this post, the popular password cracker Hashcat is explained.

Besides the best-known password cracker, John the Ripper (JtR), there is another very powerful tool called Hashcat. Hashcat comes preinstalled on Kali Linux (the pentester’s favorite OS) but can also be downloaded and run on any Linux or Windows machine. It supports both CPU- and GPU-based cracking, which generally makes it faster than JtR, and it also supports many more hash types. …

sc015020

Running IT security analyst. Passionate about (wireless) networks and security overall
