What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2020-12-31 13:22:43 | Burp Suite for Pentester: Turbo Intruder (lien direct) | Is fuzzing your favourite attack type, but you didn't enjoy it due to the low speed and high memory usage when you work over with some big dictionaries? So, today over with this article, we'll explore one of the fastest and the most reliable fuzzer “Turbo Intruder” – a burp suite extension that will dump... Continue reading → | |||
|
2020-12-29 13:42:50 | Burp Suite for Pentester: Burp Sequencer (lien direct) | Whenever we log into an application, the server issues a Session ID or a token, and all over from the internet we hear that the session ID we get is unique, but what, if we could guess the next unique session ID which the server will generate? Today, in this article we'll try to overtake... Continue reading → | |||
|
2020-12-26 14:49:51 | Burp Suite For Pentester: HackBar (lien direct) | Isn't it a bit time consuming and a boring task to insert a new payload manually every time for a specific vulnerability and check for its response? So, today in this article we'll explore one of the best burp suite's plugins “Hack Bar” which will speed up all of our manual payload insertion tasks and... Continue reading → | Vulnerability | ||
|
2020-12-25 14:51:18 | Android Penetration Testing: Drozer (lien direct) | Introduction Drozer is an android application security testing framework developed by FSecureLABS that makes it easy for a tester to create test cases and check for possible vulnerabilities in the components of an application. It was formerly known as Mercury and has honorable mentions in much leading mobile application security testing books as well. It... Continue reading → | Guideline | ||
|
2020-12-23 15:34:30 | Burp Suite for Pentester: Burp Collaborator (lien direct) | A number of vulnerabilities exist over the web, but the majority of them are not triggered directly as they do not reproduce any specific output or an error. So, is the output or the error is the only solution to determine that the vulnerability exist or not? So, today in this article of the series... Continue reading → | Vulnerability | ||
|
2020-12-18 13:08:14 | (Déjà vu) Hogwarts: Bellatrix Vulnhub Walkthrough (lien direct) | Today we're going to solve another boot2root challenge called “HOGWARTS: BELLATRIX “. It's available at VulnHub for penetration testing practice. This lab is not difficult if we have the right basic knowledge to break the labs and are attentive to all the details we find during the reconnaissance. The credit for making this lab goes... Continue reading → | |||
|
2020-12-18 10:44:47 | Credential Dumping: Windows Autologon Password (lien direct) | Autologon helps you to conveniently customize the built-in Autologon mechanism for Windows. Rather than waiting for a user to enter their name and password, Windows will automatically log in to the required user using the credentials you submit with Autologon, which are encrypted in the registry. In this post, we will try to dump the... Continue reading → | |||
|
2020-12-18 07:39:19 | Burp Suite for Pentester: Web Scanner & Crawler (lien direct) | You might be using a number of different tools in order to test a web-application, majorly to detect the hidden web-pages and directories or to get a rough idea about where the low-hanging fruits or the major vulnerabilities are. So today, in this article, we'll discuss how you can identify the hidden web-pages or determine... Continue reading → | |||
|
2020-12-17 16:06:27 | Android Hooking and SSLPinning using Objection Framework (lien direct) | Introduction Objection is runtime mobile exploration toolkit built on top of frida which is used in Android and iOS pentesting. We can use Objection to perform numerous functions like SSLPinning bypass, root detection bypass, performing memory tasks, heap tasks and more without even being root/ jailbroken. However, it is to be noted that to take... Continue reading → | |||
|
2020-12-16 11:45:40 | Nmap for Pentester: Host Discovery (lien direct) | Nmap has become one of the most popular tools in network scanning by leaving other scanners behind. Many times the hosts in some organisations are secured using firewalls or intrusion prevention systems which result in the failure of scanning due to the present set of rules which are used to block network traffic. In Nmap,... Continue reading → | |||
|
2020-12-14 17:37:06 | Comprehensive Guide on Autopsy Tool (Windows) (lien direct) | Autopsy is an open-source tool that is used to perform forensic operations on the disk image of the evidence. The forensic investigation that is carried out on the disk image is displayed here. The results obtained here are of help to investigate and locate relevant information. This tool is used by law enforcement agencies, local... Continue reading → | Tool | ||
|
2020-12-07 17:57:22 | Android Pentest Lab Setup & ADB Command Cheatsheet (lien direct) | Introduction To learn android pentest in a much handier way we'll be setting up Android Pentest environment in our own system rather than conducting an experiment on a live device. It is to be noted that these practicals can be conducted on a phone with USB debugging option on as well, but we'll be using... Continue reading → | |||
|
2020-12-06 17:02:03 | Linux for Beginners: A Small Guide (Part 3) (lien direct) | Let's cover more advanced concepts and pick of where we left in part 2 of this article where we learned somehow to interact and manage network devices, discover the different process running on your system and getting a grip of the usage of environment variables. In this article, we'll be focusing on some advanced Linux... Continue reading → | |||
|
2020-12-04 15:48:12 | Nmap for Pentester: Output Format Scan (lien direct) | Nmap which is also known as Network Mapper is one of the best open-source and the handiest tool that is widely used for security auditing and network scanning by pentesters. It also provides an additional feature where the results of a network scan can be recorded in various formats. Table of Contents Introduction- Scan Output... Continue reading → | Tool | ||
|
2020-12-04 15:05:46 | Linux for Beginners: A Small Guide (Part 2) (lien direct) | Let's dig in deeper from the previous concepts of part 1 of this article where we learned some basic day to day commands like navigating around the directories, creating files, copying them, commands to manipulate text on your terminal windows, installing software packages on your system and playing with file permissions. In this article, we'll... Continue reading → | |||
|
2020-12-04 09:04:21 | (Déjà vu) Cybox: 1 VulnHub Walkthrough (lien direct) | Today we’re going to solve another boot2root challenge called “Cybox: 1“. It’s available at VulnHub for penetration testing practice. This lab is not difficult if we have the right basic knowledge to break the labs and are attentive to all the details we find during the reconnaissance. The credit for making this lab goes to... Continue reading → | |||
|
2020-12-02 09:38:39 | Android Application Framework: Beginner\'s Guide (lien direct) | Android is a mobile operating system based on a modified version of the Linux kernel and other open-source software, designed primarily for touchscreen mobile devices such as smartphones and tablets. Android is developed by a consortium of developers known as the Open Handset Alliance and commercially sponsored by Google. In this article series we'll demonstrate... Continue reading → | |||
|
2020-12-01 08:29:58 | Implementation of Firewall Policies :FortiGate (Part 2) (lien direct) | In the previous part, we have discussed some basic firewall policies that are must require to set up a firewall. Let's move towards some advance policies. You can access the previous article from Here: Implementation of Firewall Policies :FortiGate (Part 1) In this article, we are going to create some policies that is much required... Continue reading → | |||
|
2020-12-01 07:43:43 | Implementation of Firewall Policies :FortiGate (Part 1) (lien direct) | In today's era whether your is for personal use or designated to a multi-billion-dollar enterprise, no doubt security should be the number priority out of all. A firewall acts like a barrier that keeps destructive forces away from computers and prevents a network from unauthorized access by enhancing the security devices connected to a network.... Continue reading → | |||
|
2020-11-28 14:59:26 | (Déjà vu) Iron Corp TryHackMe Walkthrough (lien direct) | Today we’re going to solve another boot2root challenge called “Iron Corp“. It’s available at TryHackMe for penetration testing practice. This lab is not difficult if we have the right basic knowledge to break the labs and are attentive to all the details we find during the reconnaissance. The credit for making this lab goes to... Continue reading → | |||
|
2020-11-23 12:19:24 | Password Dumping Cheatsheet: Windows (lien direct) | Introduction Password storing mechanism, ever since the genesis of Windows, has been an angle of interest from security researcher's point of view and its implementation has often been criticized. However, newer versions of Windows seem to have tried and tackled this problem in many parameters, but we still can't say that Windows' password storage mechanism... Continue reading → | |||
|
2020-11-22 16:23:38 | Linux For Beginners: A Small Guide (lien direct) | More often than not, certain operating systems tend to get tied to certain tasks. When it comes to penetration testing, Linux based operating systems are always mapped to it. This article will help you get comfortable with the fundamentals of Linux. So let's start. Table of Content: Why use Linux for pentesting? The Basic Linux... Continue reading → | |||
|
2020-11-21 12:59:23 | Router Penetration Testing (lien direct) | Introduction Embedded devices are an essential part of a network. In corporate environment as well as small home networks there is at least one router/switch and gaining access to it means gaining access to the whole network and needless to say, people don't like investing much money in these kinds of network devices and most... Continue reading → | |||
|
2020-11-21 06:44:17 | Firewall Lab Setup : FortiGate (lien direct) | In the game of network security, you are either secure or you are not; there exists no middle ground. If a computer is connected to the Internet connection, it is vulnerable to online attacks. The only difference is some computers could be more susceptible than others. Table of Content Prerequisites What is Firewall Download FortiGate... Continue reading → | |||
|
2020-11-21 06:09:52 | (Déjà vu) Ghizer TryHackMe Walkthrough (lien direct) | Today we’re going to solve another boot2root challenge called “Ghizer“. It’s available at TryHackMe for penetration testing practice. This lab is not difficult if we have the right basic knowledge to break the labs and are attentive to all the details we find during the reconnaissance. The credit for making this lab goes to stuxnet.... Continue reading → | |||
|
2020-11-19 13:05:38 | Comprehensive Guide on XXE Injection (lien direct) | XML is a markup language that is commonly used in web development. It is used for storing and transporting data. So, today in this article, we will learn how an attacker can use this vulnerability to gain the information and try to defame web-application. XXE Testing Methodology: Introduction to XML Introduction to XXE Injection Impacts... Continue reading → | Vulnerability | ★★★★ | |
|
2020-11-18 13:06:19 | DNScat2: Application Layer C&C (lien direct) | In today's world, IT infrastructure and network security devices are becoming more and more secure and hence, ports like 53 (DNS) is used as a communication channel between a client and a C2 server. In highly restricted environments, DNS always resolves domains. So, to serve our penetration testing purpose we might require a tool that... Continue reading → | Tool | ||
|
2020-11-18 12:14:27 | AlienVault: Threat Hunting/Network Analysis (lien direct) | What is threat hunting? The process of threat hunting involves proactively searching for malware or attackers that are hiding within a network. Rather than simply relying on security solutions or services to detect threats, threat hunting is a predictive element to a layered security strategy, empowering organizations to go on the offensive looking for threats.... Continue reading → | Malware Threat | ||
|
2020-11-17 12:28:55 | Comprehensive Guide on Honeypots (lien direct) | Honeypots are generally hardware or software that are deployed by the security departments of any organization to examine the threats that are possessed by the attackers. Honeypots usually act as baits for an organization to gather information on the attacker and alongside protect the real target system. Table of Contents What are Honeypots Working of... Continue reading → | |||
|
2020-11-17 05:39:54 | (Déjà vu) 0day TryHackMe Walkthrough (lien direct) | Today we’re going to solve another boot2root challenge called “0day“. It’s available at TryHackMe for penetration testing practice. This lab is not difficult if we have the right basic knowledge to break the labs and are attentive to all the details we find during the reconnaissance. The credit for making this lab goes to MuirlandOracle... Continue reading → | |||
|
2020-11-15 15:09:17 | The Server From Hell TryHackMe Walkthrough (lien direct) | In this article, we will provide the write-up of the Try Hack Me Room: The Server from hell. This is a write-up about a medium level boot to root Linux box which is available for free on TryHackMe for penetration testing practice. Let's get started and learn how to break it down successfully. Level: Medium... Continue reading → | Hack | ||
|
2020-11-14 14:27:23 | (Déjà vu) Revenge TryHackMe Walkthrough (lien direct) | Today we’re going to solve another boot2root challenge called “Revenge”. It’s available at TryHackMe for penetration testing practice. This lab is not difficult if we have the right basic knowledge to break the labs and are attentive to all the details we find during the reconnaissance. The credit for making this lab goes to Nameless0ne.... Continue reading → | |||
|
2020-11-13 16:17:43 | HA: Sherlock Vulnhub Walkthrough (lien direct) | Here is the walkthrough of our very own Capture-the-flag, HA: Sherlock which is designed by our team at Hacking Articles. “HA: Sherlock” is a vulnerable machine based on the famous investigator Sherlock Holmes's journey on solving the Curious Case of Harshit’s murder! This is a Forensic based Capture-the-Flag and is not a Boot-to-Root. So, there... Continue reading → | |||
|
2020-11-13 07:59:20 | (Déjà vu) Internal TryHackMe Walkthrough (lien direct) | Today we’re going to solve another boot2root challenge called “Internal”. It’s available at TryHackMe for penetration testing practice. This lab is not difficult if we have the right basic knowledge to break the labs and are attentive to all the details we find during the reconnaissance. The credit for making this lab goes to TheMayor.... Continue reading → | |||
|
2020-11-11 09:09:53 | (Déjà vu) Startup TryHackMe Walkthrough (lien direct) | Today we’re going to solve another boot2root challenge called “Startup”. It’s available at TryHackMe for penetration testing practice. This lab is not difficult if we have the right basic knowledge to break the labs and are attentive to all the details we find during the reconnaissance. The credit for making this lab goes to r1gormort1s.... Continue reading → | |||
|
2020-11-10 19:24:34 | HA: Vedas Vulnhub Walkthrough (lien direct) | This is our Walkthrough of “HA: Vedas” and the CTF is designed by Hacking Articles Team, hope you will enjoy it !! Task: Vedas meaning sacred knowledge or revealed knowledge, are the old texts of Hinduism. Thereby, this lab is based on the four Vedas, the flags are based on the same which are as... Continue reading → | |||
|
2020-11-09 07:53:35 | (Déjà vu) Relevant TryHackMe Walkthrough (lien direct) | Today we’re going to solve another boot2root challenge called “Relevant”. It’s available at TryHackMe for penetration testing practice. This lab is not difficult if we have the right basic knowledge to break the labs and are attentive to all the details we find during the reconnaissance. The credit for making this lab goes to TheMayor.... Continue reading → | |||
|
2020-11-08 20:20:49 | Burp Suite for Pentester – Fuzzing with Intruder (Part 3) (lien direct) | After reading both of our previous articles, you might be wondering, “What about the other features or sections that Burpsuite's Intruder offers us?” or “How can we use the other payload options rather than the Simple list only?” So today, in this article, you'll get all of your questions answered, whether it’s regarding the payload... Continue reading → | |||
|
2020-11-08 19:11:06 | Memory Forensics using Volatility Workbench (lien direct) | Volatility Workbench is a GUI version of one of the most popular tool Volatility for analyzing the artifacts from a memory dump. It is available free of cost, open-source, and runs on the Windows Operating system. You can download it from Here. You can refer to the previous article Memory Forensics: Using Volatility from here, ... Continue reading → | Tool | ||
|
2020-11-07 11:33:59 | Burpsuite for Pentester – Fuzzing with Intruder (Part 2) (lien direct) | Over in the previous article, we learned about what fuzzing is and how the burpsuite helps us to fuzz a web-application, along with all these things we had even explored some great fuzzing payload lists that are offered by the burpsuite's Intruder tab. So, today, in this article we'll investigate some other amazing pre-defined burpsuite's... Continue reading → | |||
|
2020-11-06 16:54:56 | Comprehensive Guide on FTK Imager (lien direct) | FTK Imager is an open-source software by AccessData that is used for creating accurate copies of the original evidence without actually making any changes to it. The Image of the original evidence is remaining the same and allows us to copy data at a much faster rate, which can be soon be preserved and can... Continue reading → | |||
|
2020-11-05 19:15:14 | (Déjà vu) Burp Suite for Pentester – Fuzzing with Intruder (Part 1) (lien direct) | Whether it’s guessing up a login credential or opting a valid payload for a specific vulnerability, both of these things are time-consuming and require a number of permutation and combination to built up a dictionary for them, if done manually. But what, if all these things are done with some simple click and you just... Continue reading → | |||
|
2020-11-05 19:15:14 | Burp Suite for Pentester – Fuzzing via Intruder Tab (lien direct) | Whether it’s guessing up a login credential or opting a valid payload for a specific vulnerability, both of these things are time-consuming and require a number of permutation and combination to built up a dictionary for them, if done manually. But what, if all these things are done with some simple click and you just... Continue reading → | |||
|
2020-11-03 17:06:52 | Burp Suite for Pentester – XSS Validator (lien direct) | You might have used a number of online tools to detect XSS vulnerabilities and a few to validate them and thereby, at last, with all the generated outcome you try to exploit the injection point manually or with burpsuite's fuzzing. But what, if we get all these things wrapped up at a single place. Today... Continue reading → | |||
|
2020-11-02 14:40:17 | Burp Suite for Pentester – Configuring Proxy (lien direct) | Burp Suite, you might have heard about this great tool and even used it in a number of times in your bug hunting or the penetration testing projects. Though, after writing several articles on web-application penetration testing, we've decided to write a few on the various options and methods provided by this amazing tool which... Continue reading → | Tool | ||
|
2020-10-30 12:23:24 | (Déjà vu) KB-Vuln: 3 Vulnhub Walkthrough (lien direct) | Today we are going to solve another boot2root challenge called “KB-VULN: 3”. It’s available at VulnHub for penetration testing and you can download it from here. The merit of making this lab is due to Machine. Let’s start and learn how to break it down successfully. Level: Eas Penetration Testing Methodology Reconnaissance Netdiscover Nmap Enumeration... Continue reading → | |||
|
2020-10-29 11:29:54 | Memory Forensics: Using Volatility Framework (lien direct) | Cyber Criminals and attackers have become so creative in their crime type that they have started finding methods to hide data in the volatile memory of the systems. Today, in this article we are going to have a greater understanding of live memory acquisition and its forensic analysis. Live Memory acquisition is a method that... Continue reading → | |||
|
2020-10-26 16:20:39 | Forensic Investigation: Shellbags (lien direct) | In this article, we will be focusing on shellbags and its forensic analysis using shellbag explorer. Shellbags are created to enhance the users' experience by remembering user preferences while exploring folders, the information stored in shellbags is useful for forensic investigation. Table of Contents Introduction Location of shellbags Forensic analysis using Shellbags Explorer Active Registry... Continue reading → | |||
|
2020-10-23 18:03:36 | HA: Forensics: Vulnhub Walkthrough (lien direct) | Introduction Today we are going to crack this vulnerable machine called HA: Forensics. This is a Capture the Flag type of challenge. It contains FOUR flags that are accessible as the solving of the lab progresses based on hints. It is a Forensics focused machine. Download Lab from here. Penetration Testing Methodology Network Scanning Netdiscover... Continue reading → | |||
|
2020-10-23 09:32:48 | AlienVault: OSSEC (IDS) Deployment (lien direct) | In this article, we will discuss of Deployment of OSSEC (IDS) agents to the AlienVault server. OSSEC is an open-source, host-based intrusion detection system (commonly called IDS) that market itself as the world's most widely used intrusion detection system that performs or helps us to Monitor: – Network Anomalies Log analysis Integrity Checking Windows registry... Continue reading → |
To see everything:
Our RSS (filtrered)
