Posted on

Beginners guide to Nuclei vulnerability scanner

Hello, aspiring ethical hackers. In our previous blogpost, you learnt about vulnerability scanning. In this article, you will learn about Nuclei, a high performance, fast and customizable vulnerability scanner that uses YAML based templates. Its features include,

  • Simple YAML format for creating and customizing vulnerability templates.
  • Contributions from thousands of security professionals to tackle trending vulnerabilities.
  • Reduced false positives by simulating real-world steps to verify a vulnerability.
  • Ultra-fast parallel scan processing and request clustering.
  • Integration into CI/CD pipelines for vulnerability detection and regression testing.
  • Supports multiple protocols like TCP, DNS, HTTP, SSL, WHOIS, JavaScript, code and more.
  • Integration with Jira, Splunk, GitHub, Elastic, GitLab.

Let’s see how this tool works. For this, we will be using Kali Linux as the attacker system, as Nuclei is available by default in its repositories. As the target, we will be using Metasploitable 2. Both these systems are part of our Simple Hacking Lab. Nuclei can be installed on Kali as shown below.

Scanning (-u, -t)

A target URL or IP address can be given to Nuclei with the -u option, as shown below.

Here’s how its output looks.

See all available templates (-tl)

While studying its features, you read that Nuclei uses a lot of vulnerability templates for performing a vulnerability scan. At the time of scan initialization, Nuclei installs and uses these templates. Templates form a very important part of Nuclei. You can see all the available templates of Nuclei using the command shown below.

nuclei -tl

As already mentioned, these templates are in YAML format.

Run a particular template (-t)

If you want to run a specific template instead of all the templates, you can do so with this option. For example, let’s just run the phpmyadmin-misconfiguration template as shown below.
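As an added example (written for this article, not a template from the Nuclei project), here is what a minimal HTTP template looks like: it flags a reachable phpMyAdmin login page so the exposure can be reviewed. The id, author and paths are assumptions; the http: key is what current (v3) templates use, older templates used requests: instead.

```yaml
# Example template written for this article; not part of nuclei-templates.
id: phpmyadmin-panel-example          # assumed id; must be unique across loaded templates

info:
  name: phpMyAdmin Login Panel - Detect
  author: example-author              # assumed author name
  severity: info                      # selected or excluded by the -s option
  description: Flags a reachable phpMyAdmin login page so it can be reviewed for exposure.
  tags: panel,phpmyadmin              # selected by -tags panel or -tags phpmyadmin

http:
  - method: GET
    path:
      # {{BaseURL}} is replaced with the target passed via -u or -l
      - "{{BaseURL}}/phpmyadmin/"
      - "{{BaseURL}}/phpMyAdmin/"

    stop-at-first-match: true         # one hit is enough; do not keep probing paths

    # Both matchers must pass, which keeps false positives down
    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "phpMyAdmin"

      - type: status
        status:
          - 200
```

Save it as a .yaml file and pass its path to -t; because of its info block it is also picked up by -tags phpmyadmin and skipped when you filter with -s critical.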

List all tags (-tgl)

The templates of Nuclei are also grouped by tags. A tag groups all the templates belonging to a specific software or technology, for example WordPress, SSH etc. All the tags in Nuclei can be listed using the command shown below.

nuclei -tgl

Run templates belonging to a specific tag (-tags)

This option can be used to run all templates belonging to a specific tag. For example, if we want to run all templates belonging to the tag “ftp” on our target, we can do it as shown below.

Here’s its output.

Run code based templates (-code)

This option can be used to run all templates based on the “code” protocol.

Here’s its output.

Run file based templates (-file)

Just like code-based templates, Nuclei has file-based templates. This option can be used to run them.

Run templates based on severity (-s)

We can also run Nuclei templates based on the severity of the vulnerabilities they check for. The possible values it can take are info, low, medium, high and unknown. As you have seen in the scan results above, findings are classified from info up to critical.

For example, let’s just run templates with severity “critical”.

As you can see in the above image, it is only running templates with critical severity.

Silent mode (-silent)

Silent mode of Nuclei displays only the scan results.

Scan multiple targets at once (-l)

Nuclei can also be used to scan multiple targets. For this, all you have to do is save all targets in a text file and use the command shown below.

nuclei -l <target_file>

Saving output (-o)

The output of Nuclei’s vulnerability scan can be saved to a file using the -o option as shown below.

Next, learn about Nessus vulnerability scanner.


Beginners guide to chntpw

Hello, aspiring ethical hackers. In our previous blogpost, you learnt how Windows authentication works. In this article, you will learn about chntpw, an offline Windows password and registry editor that can be used to reset or blank local passwords on Windows NT operating systems.

Chntpw, or Change NT Password, is a utility that performs the above actions by editing the SAM database, where Windows stores its password hashes.

Let’s see how this tool works. We can use this tool in two ways. The first method is using it as a package installed in cybersecurity operating systems like Kali, Parrot Security etc. The second method is via a bootable CD/USB image. For this tutorial, we will be using the bootable CD/USB image. It can be downloaded from here.

Using chntpw, we can reset local account passwords on all NT-based Windows operating systems like Windows NT, 2000, XP, Vista, Windows 7, Windows 8, Windows Server 2003 and 2008 etc. We will test this tool on Windows XP SP2.

After making a bootable USB from the downloaded files, insert the chntpw USB drive, power on the machine and boot from it via the BIOS. You should see the screen shown below.

Hit ENTER. You should see the screen shown below.

Then, it will show you all the steps to take (four steps in total). In the first step, you have to select the disk you want to make changes to (the disk on which Windows is installed). In our case, it is disk “sdb”. It will automatically show you the disk partitions; all you have to do is select one. It will also automatically find the Windows installations and show them to you. In this example, there is only one disk.

Select ‘1’. The disk will be mounted. The second step is to select the registry files you want to make changes to. It will prompt you to select the part of registry you want to make changes to from the predefined choices listed. The options given are,
1. Password reset
2. Recovery/ console parameters (software).
3. Loading almost all registry files.

For this tutorial, let’s select the option of “password reset”. Then SAM file will be loaded to the /tmp directory. In the third step, more options are shown as shown below.

Let’s select the option of “Edit user data and passwords”. Then it will list all the users present on the local system.

Then it will ask you to select the “RID” of the user you want to make changes to. Let’s select the user with RID ‘01f4’, the Administrator user. Once you select the user, it will present the ‘User edit’ menu asking you to select what changes you want to make.

Let’s select the option to clear the password (making blank). Then, it will automatically blank the password of the user. Changes are made but not written to the disk yet. Type ‘q’ to quit the menu.

The fourth step is to write the changes to the disk. The tool will prompt you asking if you want to write changes to the disk. Select ‘Yes’ to do it.

That’s how you can use chntpw to change or blank passwords of local Windows users.


What is EDR? Endpoint Detection and Response

Hello, aspiring ethical hackers. In our previous blogpost, you learnt about Antivirus. In this article, you will learn about Endpoint Detection and Response (EDR). Let’s begin with what it is.

What is Endpoint Detection and Response (EDR)?

Endpoint Detection and Response, also known as Endpoint detection and Threat response (EDT), is a tool used in endpoint security that can detect, contain, investigate and remediate malware, ransomware and other threats like cyber attacks on endpoint devices. These endpoint devices may be desktops, laptops, mobiles, servers and virtual machines.

Both EDR and Antivirus are endpoint security solutions that protect endpoint devices from malware and viruses. Although its functionality is similar to Antivirus, EDR is different from it. While Antivirus detects known malware and viruses, EDR can also detect advanced cyber threats and even actions that merely seem suspicious. It uses agents installed on the client devices that report to a centralized management console on one device.

An EDR has two components. They are,

  1. Endpoint data collection agent.
  2. Endpoint centralized management console.

The endpoint agents are installed on the endpoint devices whose security needs to be monitored. This can include multiple devices. These agents collect data from the endpoint devices and send it to the centralized management console.

Importance of EDR

The constantly evolving threat landscape makes the role of EDR very important in cybersecurity. EDRs not only mitigate known threats, but they also neutralize unknown threats based on their behaviors or actions. Not just that, they mitigate the threat by responding with a counter action. EDRs also play a role in automated incident response and even in digital forensics and compliance testing.

How EDR works?

An EDR has the following stages while functioning. They are,

1. Collecting data:

This is the first stage and in this stage all the agents installed on endpoint devices collect data and send it to the management console. Analysts monitor the security of the devices from a single location.

2. Analyzing collected data:

All the data collected by endpoint agents may not be important from a security point of view. So, the centralized management console of an EDR filters the data and analyzes it for any threats.

3. Detecting threats:

While analyzing the collected data, if EDR finds anything dangerous, it flags it as a threat and triggers an alert.

4. Planning response:

Not just sending an alert, it also responds to mitigate the threat on the machine where it is detected.


Beginners guide to malware analysis

Hello, aspiring ethical hackers. In our previous blogpost, you learnt in detail about malware. In this article, you will learn about malware analysis.

What is malware analysis?

Malware analysis is the process of analyzing the code of a virus or other malware to find out what it does, how it works, how it evades Antivirus etc. This helps in detection and prevention of the threat.

Importance of analyzing malware

Analyzing malware helps us to understand its functionality, what it does when executed, the level of damage it causes after infection etc. It will also help us to understand how the malware infected our machine in the first place. By knowing these, better mitigation can be planned for the present and the future.

Types of malware analysis

There are a variety of techniques used to analyze malware. They are,

1. Static analysis:

In this type of analysis, the static properties of the malware are analyzed without actually executing it. This type of analysis helps us to understand details like the nature of the malware, file names, IP addresses and domains, metadata etc.

2. Dynamic analysis:

In this analysis, the malware is actively executed in a sandbox. A sandbox is an isolated and secure environment in which you can safely execute malicious code. Analyzing it this way is an improvement over static analysis, as we can see the malware in action. This helps us to gather more information about the malware.

3. Hybrid analysis:

Some types of advanced malware have protection mechanisms to prevent anyone from analyzing them. For example, an anti-sandbox feature tells the malware to stay dormant if it detects a sandbox. It is in cases like these that hybrid analysis becomes important. It combines both static and dynamic analysis to analyze the malware.

Stages in analyzing malware

Analyzing malware has the following stages. They are,

1. Get malware sample:

Obviously, getting the malware sample is the first step if you want to analyze its code.

2. Build a lab to analyze malware:

The next step in analyzing the code of malware is creation of an isolated and safe environment without any risk of infection to the organization’s network.

3. Performing static analysis:

The next step is to get the malware sample into the malware analysis lab and perform static analysis on it. As already learnt, this helps us to understand the static properties of the malware.

4. Performing automated analysis:

The next step is to use an automated tool to analyze the malware. This analysis can determine the potential risks if the malware infects a machine.

5. Manual code review:

In this stage, the code of the malware is reversed manually using debuggers, disassemblers and other specialized tools to understand its behavior.


Beginners guide to digital forensics

Hello, aspiring ethical hackers. In our previous blogpost, you learnt about threat intelligence. In this article, you will learn about digital forensics. It plays an important role not only in investigating cyber attacks but also in solving crimes that have digital elements attached to them. This digital evidence is admissible in court proceedings. In information security, unlike penetration testing, forensics comes after the cyber attack has already occurred.

What is digital forensics?

Digital forensics, a branch of forensic science, is the process of identification, collection, acquisition, analysis and reporting of any information or evidence from digital devices that were used as part of a crime or were the victims of cyber attacks.

Types of digital forensics

Digital forensics has different branches. They are,

1. Computer forensics:

Also known as cyber forensics, this branch deals with collecting digital evidence from computers.

2. Mobile forensics:

As you might have guessed by now, this branch deals with the collection of digital evidence from mobile devices like smartphones, tablets etc.

3. Network forensics:

This branch deals with collection and analysis of digital evidence from network traffic.

4. Database forensics:

This branch deals with analyzing databases for digital evidence.

5. Cloud forensics:

This branch deals with collecting and analyzing digital evidence from the cloud.

Stages of digital forensics

Digital forensics has five stages. They are,

1. Identification of digital evidence:

The first stage is identifying where the digital evidence may be present after a cyber attack or cyber incident.

2. Acquisition and preservation:

After identifying where digital evidence may be present, the next step is to collect this evidence and, more importantly, preserve it from being contaminated. If the evidence gets contaminated, it will not be admissible in court.

3. Analysis:

In this stage, the collected and carefully preserved digital evidence is analyzed to reconstruct the events of the cyber attack or cyber crime.

4. Documentation:

After all the evidence related to the cyber crime or cyber attack has been analyzed, the next step is documenting all the evidence in a clean manner so that it can be presented in a court.

5. Presentation:

The last stage is presenting all the documented evidence in court or to the affected and all other stakeholders for conviction and to help courts in decision making.

Next, learn how to respond in case of a cyber incident with incident response.