What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
Blog.webp 2021-02-25 15:09:24 (Already seen) Nest HackTheBox Walkthrough (direct link) Today we are going to crack a machine called Nest. It was created by VbScrub. This is a Capture the Flag type of challenge. This machine is hosted on HackTheBox. Let's get cracking! Penetration Testing Methodology Network Scanning Nmap Scan Enumeration Enumerating SMB Shares Downloading Files from SMB Enumerating TempUser
Blog.webp 2021-02-25 14:12:20 Firefox for Pentester: Hacktool (direct link) It’s very hard for a bug bounty hunter or a web application pentester to remember all the codes or to search for different payloads by searching it over google. So, what if we can get all the payload in one place so that you don't have to hop from one
Blog.webp 2021-02-24 19:00:36 Android Pentest: Automated Analysis using MobSF (direct link) Introduction MobSF is an open-source tool developed by Ajin Abraham that is used for automated analysis of an APK. This is a collection of tools that run under one interface, perform their own individual tasks (like Jadx, apktool etc) and display their results under a common interface. These reports can Tool
Blog.webp 2021-02-24 10:01:34 Nmap for Pentester: Vulnerability Scan (direct link) Introduction Nmap Scripting Engine (NSE) has been one of the most efficient features of Nmap which lets users prepare and share their scripts to automate the numerous tasks that are involved in networking. As we know about the Nmap's speed and competence, it allows executing these scripts side-by-side. According to Vulnerability
Blog.webp 2021-02-24 09:40:44 (Already seen) SneakyMailer HackTheBox Walkthrough (direct link) Today we are going to crack a machine called SneakyMailer. It was created by sulcud. This is a Capture the Flag type of challenge. This machine is hosted on HackTheBox. Let's get cracking! Penetration Testing Methodology Network Scanning Nmap Scan Enumeration Enumerating HTTP Service Enumerating Email Addresses Extracting Email Addresses
Blog.webp 2021-02-22 08:53:22 (Already seen) Resolute HackTheBox Walkthrough (direct link) Today we are going to crack a machine called Resolute. It was created by egre55. This is a Capture the Flag type of challenge. This machine is hosted on HackTheBox. Let's get cracking! Penetration Testing Methodology Network Scanning Nmap Scan Enumeration Enumerating SMB Users Extracting Stored Password Password Spraying using
Blog.webp 2021-02-22 08:11:06 (Already seen) Sniper HackTheBox Walkthrough (direct link) Today we are going to crack a machine called Sniper. It was created by MinatoTW and felamos. This is a Capture the Flag type of challenge. This machine is hosted on HackTheBox. Let's get cracking! Penetration Testing Methodology Network Scanning Nmap Scan Enumeration Browsing HTTP Service Enumerating parameters in URL
Blog.webp 2021-02-19 14:43:26 (Already seen) Querier HackTheBox Walkthrough (direct link) Today we are going to crack a machine called Querier. It was created by mrh4sh & egre55. This is a Capture the Flag type of challenge. This machine is hosted on HackTheBox. Let's get cracking! Penetration Testing Methodology Network Scanning Nmap Scan Enumeration Enumerating SMB Shares Inspecting xlsm File Enumerating
Blog.webp 2021-02-19 14:06:13 (Already seen) Chaos HackTheBox Walkthrough (direct link) Today we’re going to solve another boot2root challenge called “Chaos“. It’s available at HackTheBox for penetration testing practice. This laboratory is of a medium level, but with adequate basic knowledge to break the laboratories and if we pay attention to all the details we find during the examination it will
Blog.webp 2021-02-18 19:06:36 (Already seen) Android Penetration Testing: APK Reversing (Part 2) (direct link) Introduction Android reverse engineering refers to the process of decompiling the APK for the purpose of investigating the source code that is running in the background of an application. In part 1 (refer here) we saw how an attacker would be able to decompile, change the smali files and recompile
Blog.webp 2021-02-17 19:57:41 (Already seen) OpenKeyS HackTheBox Walkthrough (direct link) Today we are going to crack a machine called OpenKeyS. It was created by polarbearer & GibParadox. This is a Capture the Flag type of challenge. This machine is hosted on HackTheBox. Let's get cracking! Penetration Testing Methodology Network Scanning Nmap Scan Enumeration Browsing HTTP Service Directory Bruteforce using gobuster
Blog.webp 2021-02-17 19:43:28 (Already seen) Cache HackTheBox Walkthrough (direct link) Today we are going to crack a machine called Cache. It was created by ASHacker. This is a Capture the Flag type of challenge. This machine is hosted on HackTheBox. Let's get cracking! Penetration Testing Methodology Network Scanning Nmap Scan Enumeration Browsing HTTP Service Enumerating the Source Code Getting the
Blog.webp 2021-02-16 07:59:04 (Already seen) Book HackTheBox Walkthrough (direct link) Today we are going to crack a machine called Book. It was created by MrR3boot. This is a Capture the Flag type of challenge. This machine is hosted on HackTheBox. Let's get cracking! Penetration Testing Methodology Network Scanning Nmap Scan Enumeration Browsing HTTP Service Registering on Website Enumerating admin mail
Blog.webp 2021-02-16 07:31:26 (Already seen) Remote HackTheBox Walkthrough (direct link) Today we are going to crack a machine called Remote. It was created by mrb3n. This is a Capture the Flag type of challenge. This machine is hosted on HackTheBox. Let's get cracking! Penetration Testing Methodology Network Scanning Nmap Scan Enumeration Browsing HTTP Service Enumerating Umbraco CMS Enumerating NFS Service
Blog.webp 2021-02-13 17:21:00 Comprehensive Guide on Dirsearch (Part 2) (direct link) This is the second instalment of our series comprehensive guide on dirsearch. In the first part of this series, we have discussed some basic command on dirsearch. If you haven't checked the first part yet you can learn these features from here. In this part, we will try to explore
Blog.webp 2021-02-13 13:18:17 WebDAV Penetration Testing (direct link) Hello Pentesters, today, in this article we are going to learn about the concept of WebDAV. We will also see how to set up the Web DAV server and configure a lab for Penetration Testing. Table of Contents Introduction to WebDAV Lab Configuration Creating a Sudo User Installing Apache2 server
Blog.webp 2021-02-12 17:14:26 (Already seen) Traceback HackTheBox Walkthrough (direct link) Today we are going to crack a machine called Traceback. It was created by Xh4H. This is a Capture the Flag type of challenge. This machine is hosted on HackTheBox. Let's get cracking! Penetration Testing Methodology Network Scanning Nmap Scan Enumeration Browsing HTTP Service Enumerating Source Code Enumerating Web Shells
Blog.webp 2021-02-11 11:31:49 (Already seen) Magic HackTheBox Walkthrough (direct link) Today we are going to crack a machine called magic. It was created by TRX. This is a Capture the Flag type of challenge. This machine is hosted on HackTheBox. Let's get cracking! Penetration Testing Methodology Network Scanning Nmap Scan Enumeration Browsing HTTP Service Bypassing Authentication using SQL Injection Exploitation
Blog.webp 2021-02-11 11:12:47 (Already seen) LaCasaDePapel HackTheBox Walkthrough (direct link) Today we are going to crack a machine called Fuse. It was created by thek. This is a Capture the Flag type of challenge. This machine is hosted on HackTheBox. Let's get cracking! Penetration Testing Methodology Network Scanning Nmap Scan Enumeration Browsing HTTP Service Enumerating Psy Shell Reading Sensitive Files
Blog.webp 2021-02-08 11:31:28 (Already seen) Fuse HackTheBox Walkthrough (direct link) Today we are going to crack a machine called Fuse. It was created by egre55. This is a Capture the Flag type of challenge. This machine is hosted on HackTheBox. Let's get cracking! Penetration Testing Methodology Network Scanning Nmap Scan Enumeration Browsing HTTP Service Crafting Dictionary for Bruteforce using CeWL
Blog.webp 2021-02-06 18:18:19 (Already seen) Doctor HackTheBox Walkthrough (direct link) Today we’re going to solve another boot2root challenge called “Doctor“. It’s available at HackTheBox for penetration testing practice. This laboratory is of an easy level, but with adequate basic knowledge to break the laboratories and if we pay attention to all the details we find during the examination it will
Blog.webp 2021-02-05 13:09:23 (Already seen) SwagShop HackTheBox Walkthrough (direct link) Today we are going to crack a machine called Admirer. It was created by ch4p. This is a Capture the Flag type of challenge. This machine is hosted on HackTheBox. Let's get cracking! Penetration Testing Methodology Network Scanning Nmap Scan Enumeration Browsing HTTP Service Exploitation Exploiting RCE for Admin Access
Blog.webp 2021-02-03 18:48:47 Android Penetration Testing: Apk Reverse Engineering (direct link) Introduction Android reverse engineering refers to the process of decompiling the APK for the purpose of investigating the source code that is running in the background of an application. An attacker would ideally be able to change the lines of bytecode to make the application behave in the way that
Blog.webp 2021-02-03 06:54:51 (Already seen) Blunder HackTheBox Walkthrough (direct link) Today we are going to crack a machine called Admirer. It was created by egotisticalSW. This is a Capture the Flag type of challenge. This machine is hosted on HackTheBox. Let's get cracking! Penetration Testing Methodology Network Scanning Nmap Scan Enumeration Browsing HTTP Service Directory Bruteforce using gobuster Enumerating Usernames
Blog.webp 2021-02-02 19:14:19 Thick Client Penetration Testing: Information Gathering (direct link) In the previous article, we have discussed the reverse engineering of original DVTA application in the Lab setup of Thick Client: DVTA part 2 In this part, we are going to systematically pentesting the DVTA application for various issues. Table of Content Prerequisites Information Gathering by using CFF Explorer Information
Blog.webp 2021-02-01 20:01:54 Port Forwarding & Tunnelling Cheatsheet (direct link) In this article, we are going to learn about the concepts and techniques of Port forwarding and Tunnelling. This article stands as an absolute cheatsheet on the two concepts. Port forwarding transmits a communication request from one address and the port number while sending the packets in a network. Tunnelling has proven
Blog.webp 2021-01-29 15:40:26 Admirer HackTheBox Walkthrough (direct link) Today we are going to crack a machine called Admirer. It was created by polarbearer and GibParadox. This is a Capture the Flag type of challenge. This machine is hosted on HackTheBox. Let's get cracking! Penetration Testing Methodology Network Scanning Nmap Scan Enumeration Browsing HTTP Service Directory Bruteforce using gobuster
Blog.webp 2021-01-24 17:08:14 Comprehensive Guide on Dirsearch (direct link) In this article, we will learn how we can use Dirsearch. It is a simple command-line tool designed to brute force directories and files in websites. Which is a Python-based command-line website directory scanner designed to brute force site structure including directories and files. Table of Content Introduction to Dirsearch Tool
Blog.webp 2021-01-24 16:31:33 Android Pentest: Deep Link Exploitation (direct link) Introduction to Deep Links In many scenarios an application needs to deal with web based URLs in order to authenticate users using Oauth login, create and transport session IDs and various other test cases. In such scenarios, developers configure deep links, aka, custom URL schemas that tell the application to
Blog.webp 2021-01-24 09:40:00 Exploiting Stored Cross-Site Scripting at Tenda AC5 AC1200 (direct link) While testing Tenda AC5 AC1200 over at the Hacking Articles Research Lab, we uncovered several vulnerabilities in its latest firmware version V15.03.06.47_multi. Thereby in a heap of basic vulnerabilities, there was a one with the highest severity i.e. Stored Cross-Site Scripting. So, let's take a look at how we detected
Blog.webp 2021-01-21 05:59:16 (Already seen) Forest HackTheBox Walkthrough (direct link) Today we’re going to solve another boot2root challenge called “Forest“. It’s available at HackTheBox for penetration testing practice. This laboratory is of an easy level, but with adequate basic knowledge to break the laboratories and if we pay attention to all the details we find during the examination it will
Blog.webp 2021-01-19 18:57:35 (Already seen) Traverxec HacktheBox Walkthrough (direct link) Today we're going to solve another boot2root challenge called “Traverxec“. It's available at HacktheBox for penetration testing practice. This laboratory is of an easy level, but with adequate basic knowledge to break the laboratories and if we pay attention to all the details we find during its examination, it will
Blog.webp 2021-01-18 12:38:11 (Already seen) Cascade HacktheBox Walkthrough (direct link) Today, we're going to solve another Hack the box Challenge called “Cascade” and the machine is part of the retired lab, so you can connect to the machine using your HTB VPN and then start to solve the CTF. This laboratory is of a medium level. Solving this lab is Hack
Blog.webp 2021-01-18 08:18:51 (Already seen) Bastard HackTheBox Walkthrough (direct link) Today we’re going to solve another boot2root challenge called “Bastard“. It’s available at HackTheBox for penetration testing practice. This laboratory is of an easy level, but with adequate basic knowledge to break the laboratories and if we pay attention to all the details we find during the examination it will
Blog.webp 2021-01-17 16:40:38 Android Penetration Testing: WebView Attacks (direct link) Introduction Initially, there was a time when only HTML used to display web pages. Then came JavaScript and along came dynamic pages. Further down the line, some person thought opening dynamic pages within android applications was a good idea, hence, WebView came into the picture. But as the security guys
Blog.webp 2021-01-13 15:19:21 Thick Client Pentest Lab Setup: DVTA (Part 2) (direct link) In the previous article, we have discussed the Lab setup of Thick Client: DVTA You can simply take a walkthrough by visiting here: – Thick Client Pentest Lab Setup: DVTA In this article, we are going to discuss how can we configure the DVTA application to connect to our server For this, I'm going to...
Blog.webp 2021-01-12 13:54:54 ServMon HacktheBox Walkthrough (direct link) Today, we're going to solve another Hack the box Challenge called “ServMon” and the machine is part of the retired lab, so you can connect to the machine using your HTB VPN and then start to solve the CTF. This laboratory is of an easy level. Solving this lab is not that tough if have... Hack
Blog.webp 2021-01-12 13:23:37 (Already seen) Mango HackTheBox Walkthrough (direct link) Today we’re going to solve another boot2root challenge called “Mango“. It’s available at HackTheBox for penetration testing practice. This laboratory is of an easy level, but with adequate basic knowledge to break the laboratories and if we pay attention to all the details we find during the examination it will not be complicated. The credit...
Blog.webp 2021-01-11 14:09:03 Burp Suite for Pentester: Burp's Project Management (direct link) A Burp project is basically a file over where we store and organize our work for a specific test. But what if you're working on a particular application and you might take days to test that? Today, in this article, we'll focus on the project types and the options featured by the burp suite professional...
Blog.webp 2021-01-11 11:46:18 (Already seen) DevGuru: 1 Vulnhub Walkthrough (direct link) Today we're going to solve another boot2root challenge called “Devguru” and the credits go to Zayotic for designing one of the interesting challenges. It's available at VulnHub for penetration testing practice. This lab is not difficult if we have the right basic knowledge to break the labs and are attentive to all the details we...
Blog.webp 2021-01-09 15:50:58 (Already seen) Omni HacktheBox Walkthrough (direct link) Today we’re going to solve another boot2root challenge called “Omni“. It’s available at HackTheBox for penetration testing practice. This laboratory is of an easy level, but with adequate basic knowledge to break the laboratories and if we pay attention to all the details we find during the examination it will not be complicated. The credit...
Blog.webp 2021-01-09 15:31:29 Burp Suite for Pentester: Software Vulnerability Scanner (direct link) Not only the frontend we see or the backend we don't, are responsible to make an application be vulnerable. A dynamic web-application carries a lot within itself, whether it's about JavaScript libraries, third-party features, functional plugins and many more. But what, if the installed features or the plugins themselves are vulnerable? So, today in this... Vulnerability
Blog.webp 2021-01-06 18:00:56 Tabby HacktheBox Walkthrough (direct link) Today, we're sharing another Hack the box Challenge Walkthrough box: Tabby and the machine is part of the retired lab, so you can connect to the machine using your HTB VPN and then start to solve the CTF. The level of the Lab is set: Beginner to intermediate. Task: Capture the user.txt and root.txt flags.... Hack
Blog.webp 2021-01-06 15:45:50 Burp Suite for Pentester: Active Scan++ (direct link) Using Burp Suite as an automated scanner? Wondering right, even some pentesters do not prefer it, due to the fewer issues or the vulnerabilities it carries within. But what, if the burp scanner itself could identify the least common vulnerabilities along with core findings. So, today in this article we'll explore one of the most...
Blog.webp 2021-01-06 08:03:13 CTF Collection Vol.1: TryHackMe Walkthrough (direct link) Today we're going to solve another Capture The Flag challenge called “CTF collection Vol.1 “. It's available at TryHackMe for penetration testing practice. This lab is not difficult if we have the right basic knowledge of cryptography and steganography. The credit for making this lab goes to DesKel, you can surf it from here. So, let's...
Blog.webp 2021-01-06 07:51:03 Conceal HackTheBox Walkthrough (direct link) Today we’re going to solve another boot2root challenge called “Conceal“. It’s available at HackTheBox for penetration testing practice. This laboratory is of a difficult level, but with adequate basic knowledge to break the laboratories and if we pay attention to all the details we find during the examination it will not be complicated. The credit...
Blog.webp 2021-01-03 17:03:56 Android Penetration Testing: Frida (direct link) Introduction Frida is a dynamic instrumentation toolkit that is used by researchers to perform android hooking (intercepting IPC and modifying it to make a function perform the desired function). Frida uses javascript to perform hooking since Android's native code and javascript both run on JIT compilation techniques, it can intercept its inter-process communication, add the...
Blog.webp 2021-01-01 16:27:56 Thick Client Pentest Lab Setup: DVTA (direct link) Thick client applications are not new and have been around for many years and can be still easily found within a variety of organizations. Thick clients are majorly used across organizations for their internal operations and Just because of the adoption of Hybrid infrastructure architecture, thick-client applications become a better target for attackers. However, if...
Blog.webp 2020-12-31 13:22:43 Burp Suite for Pentester: Turbo Intruder (direct link) Is fuzzing your favourite attack type, but you didn't enjoy it due to the low speed and high memory usage when you work over with some big dictionaries? So, today over with this article, we'll explore one of the fastest and the most reliable fuzzer “Turbo Intruder” – a burp suite extension that will dump...
Blog.webp 2020-12-29 13:42:50 Burp Suite for Pentester: Burp Sequencer (direct link) Whenever we log into an application, the server issues a Session ID or a token, and all over from the internet we hear that the session ID we get is unique, but what, if we could guess the next unique session ID which the server will generate? Today, in this article we'll try to overtake...
Last update at: 2024-04-25 00:07:41