02/11/2025
Completed a hands-on lab analyzing a malicious browser extension. Below are the concise technical observations.
URL obfuscation: Base64 encoding.
Exfiltration vector: image element (new Image() → src GET request).
Sandbox/VM check (first trigger): navigator.plugins.length === 0.
Keystroke capture: document.addEventListener('keydown', ...) → event.key.
Encryption used: AES (CryptoJS.AES.encrypt) with IV; result base64-encoded.
Credential access: FormData API to read submitted username/email and password; uses window.location.hostname for context.
Takeaway
Simple but effective evasion and exfiltration techniques; a great exercise in threat-hunting and chain-of-evidence extraction.
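A static triage pass over extension source for the indicators listed in the post above, as an added example that is not part of the original post or the lab's code. It assumes Node.js (for Buffer) and that the Base64 URL is decoded with atob; the sample lines and the endpoint are constructed placeholders.

```javascript
// Added example: static triage for the six behaviours listed in the post.
// Runs under Node.js (Buffer is used for Base64 decoding).
const INDICATORS = [
  { id: "base64-decode", re: /\batob\s*\(/ }, // assumption: URL decoded via atob
  { id: "image-beacon", re: /new\s+Image\s*\(/ },
  { id: "sandbox-check", re: /navigator\.plugins\.length\s*={2,3}\s*0/ },
  { id: "keydown-capture", re: /addEventListener\s*\(\s*['"]keydown['"]/ },
  { id: "cryptojs-aes", re: /CryptoJS\.AES\.encrypt\s*\(/ },
  { id: "formdata-read", re: /new\s+FormData\s*\(/ },
];

// Returns per-line indicator hits plus any string literal that Base64-decodes
// to an http(s) URL, so the hidden endpoint surfaces without running the code.
function scanSource(src) {
  const hits = [];
  src.split("\n").forEach((text, i) => {
    for (const { id, re } of INDICATORS) {
      if (re.test(text)) hits.push({ id, line: i + 1 });
    }
  });
  const urls = [];
  for (const m of src.matchAll(/['"]([A-Za-z0-9+/]{16,}={0,2})['"]/g)) {
    const decoded = Buffer.from(m[1], "base64").toString("utf8");
    if (/^https?:\/\/[\x21-\x7e]+$/.test(decoded)) urls.push(decoded);
  }
  return { hits, urls };
}

// Constructed sample: disconnected fragments, placeholder endpoint.
const SAMPLE_URL = "https://collector.example.invalid/c";
const SAMPLE = [
  `const ep = atob("${Buffer.from(SAMPLE_URL).toString("base64")}");`,
  `if (navigator.plugins.length === 0) return;`,
  `document.addEventListener('keydown', onKey);`,
  `const fd = new FormData(form);`,
  `const ct = CryptoJS.AES.encrypt(data, key, { iv: iv });`,
  `new Image().src = ep;`,
].join("\n");

const report = scanSource(SAMPLE);
for (const h of report.hits) console.log(`line ${h.line}: ${h.id}`);
console.log("decoded URLs:", report.urls);
```

Any single hit is common in benign code; the combination of a sandbox check, keydown capture, FormData reads and an image beacon in one extension is what warrants a closer look.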
10/08/2025
Steganography & RC4 Encryption - Hide Malware in PNG Like a Pro | Live Webinar | Team JustHackedOn
Ever wondered how hackers hide malicious code inside images?
Join our live webinar where we'll explore Steganography and RC4 Encryption with IDAT Chunks, a real-world technique used in cyber attacks.
What you'll learn:
Steganography
Using IDAT chunks in PNG files for data hiding
RC4 encryption for securing hidden payloads
Real-world ethical hacking use cases
Date: 13th August 2025
Time: 9:00 PM
Hosted by Just Hacked On - Security Just an Illusion
Don't miss this chance to level up your cybersecurity skills!
07/08/2025
Malware Analysis: Real-World Payload Hunting
Recently, I analyzed a suspicious network indicator pointing to a potential loader.
Key Steps I Took:
Collected network artifacts (pcap/scripts)
Identified encoded PowerShell loaders and decoded them
Reconstructed the dropped .exe payload from hex strings inside the PowerShell script
Verified the SHA256 hash:
1eb7b02e18f67420f42b1d94e74f3b6289d92672a0fb1786c30c03d68e81d798
Uploaded the sample to VirusTotal to confirm it
Retrieved the Alibaba malware family label
Outcome:
Discovered the sample used fileless techniques and persistent execution via scheduled tasks and VBScript
Learned how .jpg extensions can be abused to bypass basic filters
This was a hands-on case study in:
Script deobfuscation
Payload reconstruction
Threat intelligence enrichment
Stay curious, analyze everything.
04/08/2025
Pros and Cons of Using Hydra Tool
Evaluate Hydra tool use! Enjoy efficient testing and customizable options, but consider legal risks and ethical concerns. Perfect for cybersecurity pros!
04/08/2025
Step-by-Step Web Login Brute Force with Hydra
Follow the web login brute force process with Hydra! From specifying credentials to executing the attack, enhance your security testing skills. Get started!
03/08/2025
Explore Hydra's Versatility in Penetration Testing
Discover Hydra's power in penetration testing across Telnet, FTP, SSH, HTTP, RDP, and SMB! Boost your cybersecurity expertise with versatile tools. Dive in!
03/08/2025
Master Hydra Commands Configuration Guide
Learn to configure Hydra commands for single or multiple usernames and passwords! Enhance your penetration testing skills with this step-by-step guide. Start now!
02/08/2025
Brute-Force vs. Manual Testing: Which is Better?
Compare brute-force and manual testing for login security! Brute-force is fast and parallel but detectable, while manual testing is slower yet less detectable. Choose wisely!
02/08/2025
Bypass Firewalls with Nmap Techniques
Learn Nmap firewall bypass techniques like packet fragmentation, MAC spoofing, decoy IPs, and random padding! Strengthen your ethical hacking skills today.