No products in the cart.
How Pen-testing Can Help Prevent Insider Threats
Anastasios Arampatzis Risks assessed during a penetration test (pen-test) generally focus on attacks outside the information system. Indeed, a classic …
PMIII, a Proxmark3 revisited (or how to make your device heavy)
When I first borrowed the Proxmark3.0 X from @unrooted, the tinkerer part of me decided to do something with it, …
AppSec Tales XII | XSS
INTRODUCTION The article describes how to test the application to find Cross-Site Scripting vulnerabilities. The advice in this article …
Crack SSH Private Key with John the Ripper
Crack SSH Private Key with John the Ripper by Anastasis Vasileiadis The SSH private key code should not be just …
Ettercap and middle-attacks tutorial
We have published new article about Ettercap. You can find it here: https://pentestmag.com/article-fun-ettercap/ In the computer world, an attack is a …
Metasploit Cheat Sheet
Metasploit Cheat Sheet by Tim Keary Widely reputed as the most used penetration testing framework, Metasploit helps security teams identify …
TOP 5 Latest Cyber Security Books (2017-2019) | Best & Latest Must-Reads For Any Aspiring or Seasoned Hacker
TOP 5 Latest Cyber Security Books (2017-2019) | Best & Latest Must-Reads For Any Aspiring or Seasoned Hacker by …
Hacking a Locked Windows 10 Computer With Kali Linux
Hacking a Locked Windows 10 Computer With Kali Linux by Graham Zemel, blog.grahamzemel.com TL;DR- A neat trick I learned to …
Julia: a Language for the Future of Cybersecurity
Julia: a Language for the Future of Cybersecurity by Shen Huang Julia 1.0 was released in 2018. It is a …
Formula Injection
Are you on the watch for malware within spreadsheet exports of your banking transactions? Or how about within a .CSV …
How I Hacked Into Your Corporate Network Using Your Own Antivirus Agent
How I Hacked Into Your Corporate Network Using Your Own Antivirus Agent by Angelo Ruwantha Recently I was busy with …
Exploiting blind SQL injections in 'UPDATE' and 'INSERT' statements without stacked queries by Sina Yazdanmehr
Overview The SQL injection attack was introduced around 1998 for the first time. This high-level risk vulnerability can be found …
Antivirus Evasion with Python
Antivirus Evasion with Python by Marcelo Sacchetin Summary When deploying defense in depth security controls for your organization, you are …
IoT Security: How to Search for Vulnerable Connected Devices
IoT Security: How to Search for Vulnerable Connected Devices by Dominique René When you read news about recently discovered vulnerabilities …
The Hard Life Of Exploit Developers
The Hard Life Of Exploit Developers by Florian Bogner Preface: Although this blog post is a companion post to a talk …
How to prepare and use Docker for web pentest by Júnior Carreiro
Introduction Docker is the world's leading software containerization platform. Using Docker we can create different environments for each Pentest type. …
Using the MITRE ATT&CK Navigator for Intelligence Gathering Pre-purple Teaming
Using the MITRE ATT&CK navigator for intelligence gathering pre-purple teaming by Eliza May Austin Purple teaming should always be intelligence-lead …
Red Teaming @ 10000 Feet
Red Teaming @ 10000 Feet by David Evenden There are many articles/books that are pro-Red Teaming, but I haven't seen …
Pentest: Scapy Cheat Sheet by SANS Institute
Scapy Cheat Sheet Pocket Reference Guide Ver. 0.2 by SANS Institute The content has been originally published at: https://pen-testing.sans.org/blog/2016/04/05/scapy-cheat-sheet-from-sans-sec560/?reply-to-comment=8562
WiFi Scanning Tools on Ubuntu 14.04
Dear PenTest Readers, Today we've got for you new article about WiFi Scanning Tools on Ubuntu 14.04 written by Majdi Chaouachi. …
The Holy Book of x86
"Are you such a dreamer to put the world to rights? I stay home forever where 2 and 2 always …
Exploiting The Entity: XXE (XML External Entity Injection)
History In the recent year, major tech giants, like Google, Facebook, Magento, Shopify, Uber, Twitter, and Microsoft, have undergone XML …
Pentest Notes - Approaching a Target
Pentest Notes - Approaching a Target by Eva Prokofiev A list that contains some notes on approaching a target during …
Pentesting an IOT Based Biometric Attendance Device
Pentesting an IOT Based Biometric Attendance Device by Gaurang Bhatnagar During one of the Red Team engagements, I got a …
Setting Up a Radio Frequency Penetration Testing Lab: A Comprehensive Guide
Introduction The advent of wireless technologies, from mobile phones to Wi-Fi, satellite communications, and even automobiles, has established radio frequencies …
CYBER THREAT INTELLIGENCE: A LIGHT THAT SHINES IN THE DIGITAL UNDERWORLD
INTRODUCTION In today's technology-driven world, cybersecurity has emerged as a key priority. However, just securing systems and data is no …
API Penetration Testing: Tools, Techniques and Security Practices
Overview As we live in a digital era with rapid development of Application Programming Interfaces (API), safeguarding your application data …
Honeypot Technology: Comparisons, Types and Importance for Cyber Security
Honeypot technology holds significant importance in today's technology-driven world, serving as a crucial tool for safeguarding networks and monitoring evolving …
Aerospace Cybersecurity: Satellite Hacking (W53)
This course is meant for anyone who wants to learn more about space-related cybersecurity specifically in relation to satellite systems. This course is meant for anyone of any skill level who is interested in expanding their skill set in satellite reconnaissance and vulnerability analysis.
AutoSec Pro: Vehicle Cybersecurity Mastery (W52)
AutoSec Pro is an immersive course diving into the world of automotive cybersecurity, providing an in-depth understanding of modern vehicle systems and their vulnerabilities. This cutting-edge course leverages a hands-on approach to exploit and mitigate potential threats while seamlessly integrating the ISO 21434 standard. Harness the power of innovation and technology as you spearhead the effort to safeguard the future of smart transportation.
Creating Advanced Ransomware with Golang (W51)
In this course, you will develop a hybrid ransomware using, that is, with two encryptions RSA and AES with a programming language that is gaining a lot of strength - Golang
Mastering Splunk: A Comprehensive Guide (W50)
"Mastering Splunk: A Comprehensive Guide" is a comprehensive and hands-on course that covers all aspects of the Splunk platform, from the fundamentals to advanced topics. The course is designed to provide students with the knowledge and skills to effectively use Splunk to analyze and visualize data in their personal and professional lives.
