HACKING LABO

Latest News

‹

• 
  News

  Anthropic Bun を Claude が 6 日で Rust に移行 — 1M 行・99.8% テスト合格の衝撃

  Anthropic 傘下の JavaScript ランタイム Bun が、Zig から Rust への 100 万行コード移行を Claude AI で...

  2026-05-17 views 31 likes 0
• 
  News

  AIエージェント時代の攻防 — 攻撃も防御も自律化、しかし企業のAI準備度は4割止まり

  2026年5月、AIエージェントを攻撃対象とするレッドチームサービス、自律型インシデント調査AI、企業のAI準...

  2026-05-17 views 32 likes 0
• 
  News

  国境を超える ICS / IoT 脅威 ― 水インフラ・LNG・農機まで「物理に近い側」の標的化

  イスラエル水インフラの未完成マルウェア、北海道ガス LNG 受発注システムの不正アクセス、農業用トラクタ...

  2026-05-16 views 30 likes 0
• 
  News

  「外部攻撃ではない情報漏洩」が増えている ― BEC・内部不正・クラウド誤設定の盲点

  BEC で 5,000 万円流出、トヨタ内部情報の出向者経由持出、クラウド設定誤りでマイナンバー漏洩 ― 2026年5...

  2026-05-16 views 29 likes 0
• 
  News

  海外子会社・委託先経由のランサム連鎖 ― 1週間で日本企業 10 件超

  2026年5月の1週間で、海外子会社や業務委託先を侵入経路にしたランサム被害が日本企業で 10 件以上発生。TE...

  2026-05-16 views 37 likes 0
• 
  News

  2026年5月の優先パッチ整理 ― Palo Alto は攻撃確認済、GUARDIANWALL も注意喚起レベル

  2026年5月の脆弱性ラッシュを整理。Palo Alto PAN-OS は限定的な攻撃を Palo Alto 自身が確認済み、GUARDIA...

  2026-05-16 views 34 likes 0
• 
  News

  「あんしんフィルター for au」に平文送信脆弱性 ― 子供を守るアプリが情報を漏らす皮肉

  KDDI 提供の Android アプリ「あんしんフィルター for au」に重要情報の平文送信脆弱性 (JVN#24167657)。子...

  2026-05-16 views 38 likes 0
• 
  News

  Anthropic「Mythos」騒動 ― AI 脆弱性発見は「茶番」か、それとも未来か

  Anthropic の AI 脆弱性発見プロジェクト「Mythos」に対し、cURL メインテナの Daniel Stenberg が「深刻度...

  2026-05-16 views 36 likes 0
• 
  News

  CAMPFIRE で 22 万件漏洩 ― 侵入口は「システム管理用 GitHub アカウント」

  クラウドファンディング大手 CAMPFIRE が、2026 年 5 月 11 日、不正アクセスにより最大 225,846 件の個人...

  2026-05-16 views 48 likes 0

›

Explanations

‹

• 
  Explanation

  Nmap Explained: Port Scanning, Service Detection, and OS Fingerprinting

  Nmap (Network Mapper) is an open-source scanner for discovering hosts and services on a network. Rel...

  2026-05-17 views 332 likes 0
• 
  Explanation

  XSS Explained: How Cross-Site Scripting Works and How to Defend Against It

  Cross-Site Scripting (XSS) is a vulnerability that lets an attacker inject malicious scripts into a...

  2026-05-17 views 352 likes 0
• 
  Explanation

  Deauthentication Attack Explained: How It Works and PMF Defense

  A Deauthentication Attack (Deauth Attack) sends spoofed IEEE 802.11 Deauthentication management fram...

  2026-05-11 views 49 likes 0
• 
  Explanation

  Ghidra Explained: NSA's Open-Source Reverse Engineering Suite

  Ghidra is the reverse-engineering suite the NSA used internally for nearly two decades before releas...

  2026-05-11 views 102 likes 0
• 
  Explanation

  Firewall Explained: Five Generations, Stateful Inspection, NGFW / WAF / Cloud SG

  A firewall is an access-control device that blocks traffic that doesn't match its defined rules. Fro...

  2026-05-11 views 56 likes 0
• 
  Explanation

  ASM (Attack Surface Management): EASM, CAASM, DRPS Explained

  ASM (Attack Surface Management) is the security discipline of continuously discovering, inventorying...

  2026-05-11 views 48 likes 0
• 
  Explanation

  Ransomware Explained: Mechanics, Incidents, and Defenses

  Ransomware is malware that 'encrypts files and demands payment for the decryption key' — a model tha...

  2026-05-10 views 65 likes 0
• 
  Explanation

  Trojan Horse Explained: Malware Types, Delivery, and Defenses

  A Trojan horse is malware that disguises itself as legitimate software so the user installs it volun...

  2026-05-10 views 77 likes 0
• 
  Explanation

  DDoS Attacks Explained: Types, Mechanisms, and Defenses

  DDoS (Distributed Denial of Service) is the attack of 'burying a target under floods of (often legit...

  2026-05-10 views 68 likes 0
• 
  Explanation

  Buffer Overflow Explained: Stack, Exploits, and Defenses

  Buffer overflow — writing past the end of an allocated buffer and corrupting adjacent memory — is th...

  2026-05-10 views 87 likes 0
• 
  Explanation

  Kali Linux Explained: Pentest Distribution Toolkit

  Kali Linux is a Debian-based 'attacker-optimized' Linux distribution maintained by Offensive Securit...

  2026-05-10 views 61 likes 0
• 
  Explanation

  Linux Explained: Architecture, Commands, and Distros

  Strictly speaking, 'Linux' refers only to the kernel; what we use day-to-day is a stack of Linus's k...

  2026-05-10 views 71 likes 0
• 
  Explanation

  Wi-Fi (IEEE 802.11) Explained: Standards, Bands, and WPA

  Wi-Fi shares the same MAC + EtherType + Payload frame format as Ethernet, but on the wireless side i...

  2026-05-10 views 72 likes 0
• 
  Explanation

  Ethernet Explained: Frames, MAC Addresses, and Switching

  Ethernet has survived nearly 50 years as effectively the only choice for wired LAN at L2. Starting f...

  2026-05-10 views 63 likes 0
• 
  Explanation

  IPsec Explained: Tunnel/Transport Modes and IKE

  IPsec is a family of protocols that encrypts and authenticates IP packets themselves at L3, so — unl...

  2026-05-10 views 50 likes 0
• 
  Explanation

  TCP/IP Explained: 4-Layer Model and TCP vs UDP

  TCP/IP refers both to the protocol family that powers the Internet and to the four-layer reference m...

  2026-05-09 views 57 likes 0
• 
  Explanation

  VPN Explained: IPsec, OpenVPN, and WireGuard Compared

  A VPN (Virtual Private Network) is a technology that builds a virtual, encrypted private circuit on...

  2026-05-09 views 66 likes 0
• 
  Explanation

  OSI Reference Model Explained: 7 Layers and TCP/IP Mapping

  The ISO Basic Reference Model — better known as the OSI 7-layer model — is the conceptual model stan...

  2026-05-09 views 71 likes 0
• 
  Explanation

  OSINT Explained: Methods, Tools, and Real Examples

  OSINT (Open Source Intelligence) is the practice and culture of investigating people, organizations,...

  2026-05-09 views 80 likes 0
• 
  Explanation

  SSL/TLS Explained: HTTPS Encryption and Certificates

  SSL/TLS provides encryption, authentication, and tamper-detection for Internet traffic — the 'S' in...

  2026-05-09 views 63 likes 0
• 
  Explanation

  IP Explained: IPv4, IPv6, Subnetting, and Routing

  IP (Internet Protocol) is the addressing and packet-forwarding protocol at the heart of the TCP/IP s...

  2026-05-09 views 57 likes 0
• 
  Explanation

  DNS Explained: Name Resolution and Record Types

  DNS is the distributed database that translates human-friendly domain names into the IP addresses co...

  2026-05-09 views 82 likes 0
• 
  Explanation

  Metasploit Framework Explained: Usage and Pentest Workflow

  Metasploit Framework is the open-source attack framework for penetration testing and vulnerability v...

  2026-05-09 views 103 likes 0
• 
  Explanation

  ICMP Explained: ping, traceroute, and Message Types

  ICMP is the control protocol that reports errors and route conditions across IP networks. This artic...

  2026-05-09 views 72 likes 0
• 
  Explanation

  SSH Explained: Mechanism, Public-Key Auth, and Commands

  SSH is the protocol for safely reaching another computer over a network. It replaced cleartext proto...

  2026-05-09 views 67 likes 0
• 
  Explanation

  HTTP/HTTPS

  HTTP/HTTPS is the protocol that powers content delivery on the Web. This article covers the request/...

  2025-10-14 views 404 likes 0

›

Experiments

‹

• 
  Experiment

  EvilBox-One Writeup

  I ran a penetration test against "EvilBox-One" from VulnHub.

  2025-11-12 views 421 likes 0
• 
  Experiment

  Demonstrating Basic SQL Injection Vulnerabilities

  I built a server with XAMPP and put fundamental SQL injection vulnerabilities through their paces.

  2025-11-10 views 485 likes 2
• 
  Experiment

  Visiting the Dark Web

  I read up on what the dark web actually is, then used the Tor Browser to observe it firsthand.

  2025-11-09 views 543 likes 1
• 
  Experiment

  Running a SYN Flood Experiment

  SYN Flood is one of the easiest DoS attacks to launch against a server. I ran the experiment and wor...

  2025-11-06 views 306 likes 0
• 
  Experiment

  Intercepting a Target's Traffic with ARP Spoofing (ARP Cache Poisoning)

  ARP has no built-in authentication and accepts any reply unconditionally — two flaws that attackers...

  2025-11-03 views 256 likes 0
• 
  Experiment

  Stealing a Cookie with XSS

  I built a deliberately vulnerable PHP search page and used it to demonstrate how a cookie can be sto...

  2025-10-18 views 414 likes 0

›

Machines

‹

• 
  machine

  Levi

  Linux Easy

  Easy Linux box. UDP scan reveals SNMP, snmpwalk leaks the running PostgreSQL service, COPY FROM PROG...

  2026-05-02 views 114 likes 0

›

Development

‹

• 
  Development

  Building a WinAPI App That Adds Programs to the Context Menu

  The Windows context menu is a useful little surface. I built a tool that lets you register your favo...

  2025-11-09 views 416 likes 0
• 
  Development

  Building a Simple Port Scanner in C++

  A port scanner is a tool that probes hosts on a network to find which ports are open.

  2025-11-06 views 428 likes 1
• 
  Development

  Building a Simple Keylogger in C++

  A keylogger is software (or hardware) that watches keyboard input and records every key that's press...

  2025-10-17 views 467 likes 0

›

All Articles

Sort Date (newest first) Date (oldest first) Likes (most first) Likes (fewest first) Views (most first) Views (fewest first)

• 
  News

  Anthropic Bun を Claude が 6 日で Rust に移行 — 1M 行・99.8% テスト合格の衝撃

  Anthropic 傘下の JavaScript ランタイム Bun が、Zig から Rust への 100 万行コード移行を Claude AI で...

  2026-05-17 views 32 likes 0
• 
  News

  AIエージェント時代の攻防 — 攻撃も防御も自律化、しかし企業のAI準備度は4割止まり

  2026年5月、AIエージェントを攻撃対象とするレッドチームサービス、自律型インシデント調査AI、企業のAI準...

  2026-05-17 views 32 likes 0
• 
  Explanation

  Nmap Explained: Port Scanning, Service Detection, and OS Fingerprinting

  Nmap (Network Mapper) is an open-source scanner for discovering hosts and services on a network. Rel...

  2026-05-17 views 332 likes 0
• 
  Explanation

  XSS Explained: How Cross-Site Scripting Works and How to Defend Against It

  Cross-Site Scripting (XSS) is a vulnerability that lets an attacker inject malicious scripts into a...

  2026-05-17 views 352 likes 0
• 
  News

  国境を超える ICS / IoT 脅威 ― 水インフラ・LNG・農機まで「物理に近い側」の標的化

  イスラエル水インフラの未完成マルウェア、北海道ガス LNG 受発注システムの不正アクセス、農業用トラクタ...

  2026-05-16 views 30 likes 0
• 
  News

  「外部攻撃ではない情報漏洩」が増えている ― BEC・内部不正・クラウド誤設定の盲点

  BEC で 5,000 万円流出、トヨタ内部情報の出向者経由持出、クラウド設定誤りでマイナンバー漏洩 ― 2026年5...

  2026-05-16 views 29 likes 0
• 
  News

  海外子会社・委託先経由のランサム連鎖 ― 1週間で日本企業 10 件超

  2026年5月の1週間で、海外子会社や業務委託先を侵入経路にしたランサム被害が日本企業で 10 件以上発生。TE...

  2026-05-16 views 37 likes 0
• 
  News

  2026年5月の優先パッチ整理 ― Palo Alto は攻撃確認済、GUARDIANWALL も注意喚起レベル

  2026年5月の脆弱性ラッシュを整理。Palo Alto PAN-OS は限定的な攻撃を Palo Alto 自身が確認済み、GUARDIA...

  2026-05-16 views 34 likes 0
• 
  News

  「あんしんフィルター for au」に平文送信脆弱性 ― 子供を守るアプリが情報を漏らす皮肉

  KDDI 提供の Android アプリ「あんしんフィルター for au」に重要情報の平文送信脆弱性 (JVN#24167657)。子...

  2026-05-16 views 38 likes 0
• 
  News

  Anthropic「Mythos」騒動 ― AI 脆弱性発見は「茶番」か、それとも未来か

  Anthropic の AI 脆弱性発見プロジェクト「Mythos」に対し、cURL メインテナの Daniel Stenberg が「深刻度...

  2026-05-16 views 36 likes 0
• 
  News

  CAMPFIRE で 22 万件漏洩 ― 侵入口は「システム管理用 GitHub アカウント」

  クラウドファンディング大手 CAMPFIRE が、2026 年 5 月 11 日、不正アクセスにより最大 225,846 件の個人...

  2026-05-16 views 48 likes 0
• 
  Explanation

  Deauthentication Attack Explained: How It Works and PMF Defense

  A Deauthentication Attack (Deauth Attack) sends spoofed IEEE 802.11 Deauthentication management fram...

  2026-05-11 views 49 likes 0
• 
  Explanation

  Ghidra Explained: NSA's Open-Source Reverse Engineering Suite

  Ghidra is the reverse-engineering suite the NSA used internally for nearly two decades before releas...

  2026-05-11 views 102 likes 0
• 
  Explanation

  Firewall Explained: Five Generations, Stateful Inspection, NGFW / WAF / Cloud SG

  A firewall is an access-control device that blocks traffic that doesn't match its defined rules. Fro...

  2026-05-11 views 56 likes 0
• 
  Explanation

  ASM (Attack Surface Management): EASM, CAASM, DRPS Explained

  ASM (Attack Surface Management) is the security discipline of continuously discovering, inventorying...

  2026-05-11 views 48 likes 0
• 
  Explanation

  Ransomware Explained: Mechanics, Incidents, and Defenses

  Ransomware is malware that 'encrypts files and demands payment for the decryption key' — a model tha...

  2026-05-10 views 65 likes 0
• 
  Explanation

  Trojan Horse Explained: Malware Types, Delivery, and Defenses

  A Trojan horse is malware that disguises itself as legitimate software so the user installs it volun...

  2026-05-10 views 77 likes 0
• 
  Explanation

  DDoS Attacks Explained: Types, Mechanisms, and Defenses

  DDoS (Distributed Denial of Service) is the attack of 'burying a target under floods of (often legit...

  2026-05-10 views 68 likes 0
• 
  Explanation

  Buffer Overflow Explained: Stack, Exploits, and Defenses

  Buffer overflow — writing past the end of an allocated buffer and corrupting adjacent memory — is th...

  2026-05-10 views 87 likes 0
• 
  Explanation

  Kali Linux Explained: Pentest Distribution Toolkit

  Kali Linux is a Debian-based 'attacker-optimized' Linux distribution maintained by Offensive Securit...

  2026-05-10 views 61 likes 0
• 
  Explanation

  Linux Explained: Architecture, Commands, and Distros

  Strictly speaking, 'Linux' refers only to the kernel; what we use day-to-day is a stack of Linus's k...

  2026-05-10 views 71 likes 0
• 
  Explanation

  Wi-Fi (IEEE 802.11) Explained: Standards, Bands, and WPA

  Wi-Fi shares the same MAC + EtherType + Payload frame format as Ethernet, but on the wireless side i...

  2026-05-10 views 72 likes 0
• 
  Explanation

  Ethernet Explained: Frames, MAC Addresses, and Switching

  Ethernet has survived nearly 50 years as effectively the only choice for wired LAN at L2. Starting f...

  2026-05-10 views 63 likes 0
• 
  Explanation

  IPsec Explained: Tunnel/Transport Modes and IKE

  IPsec is a family of protocols that encrypts and authenticates IP packets themselves at L3, so — unl...

  2026-05-10 views 50 likes 0