AppSec Tales XII | XSS
INTRODUCTION The article describes how to test the application to find Cross-Site Scripting vulnerabilities. The advice in this article …
Crack SSH Private Key with John the Ripper
Crack SSH Private Key with John the Ripper by Anastasis Vasileiadis The SSH private key code should not be just …
Fastly Subdomain Takeover $2000
Fastly Subdomain Takeover $2000 Bug Bounty — From zero to HERO by Alexandar Thangavel AKA ValluvarSploit WHOAMI My name is …
AppSec Tales X | SAML
AppSec Tales X | SAML by Karol Mazurek Application Security Testing of the SAML protocol guidelines. INTRODUCTION The article describes …
Ettercap and middle-attacks tutorial
We have published new article about Ettercap. You can find it here: https://pentestmag.com/article-fun-ettercap/ In the computer world, an attack is a …
TOP 5 Latest Cyber Security Books (2017-2019) | Best & Latest Must-Reads For Any Aspiring or Seasoned Hacker
TOP 5 Latest Cyber Security Books (2017-2019) | Best & Latest Must-Reads For Any Aspiring or Seasoned Hacker by …
Metasploit Cheat Sheet
Metasploit Cheat Sheet by Tim Keary Widely reputed as the most used penetration testing framework, Metasploit helps security teams identify …
Julia: a Language for the Future of Cybersecurity
Julia: a Language for the Future of Cybersecurity by Shen Huang Julia 1.0 was released in 2018. It is a …
How I Hacked Into Your Corporate Network Using Your Own Antivirus Agent
How I Hacked Into Your Corporate Network Using Your Own Antivirus Agent by Angelo Ruwantha Recently I was busy with …
Formula Injection
Are you on the watch for malware within spreadsheet exports of your banking transactions? Or how about within a .CSV …
Exploiting blind SQL injections in 'UPDATE' and 'INSERT' statements without stacked queries by Sina Yazdanmehr
Overview The SQL injection attack was introduced around 1998 for the first time. This high-level risk vulnerability can be found …
IoT Security: How to Search for Vulnerable Connected Devices
IoT Security: How to Search for Vulnerable Connected Devices by Dominique René When you read news about recently discovered vulnerabilities …
The Hard Life Of Exploit Developers
The Hard Life Of Exploit Developers by Florian Bogner Preface: Although this blog post is a companion post to a talk …
Antivirus Evasion with Python
Antivirus Evasion with Python by Marcelo Sacchetin Summary When deploying defense in depth security controls for your organization, you are …
Pentest: Scapy Cheat Sheet by SANS Institute
Scapy Cheat Sheet Pocket Reference Guide Ver. 0.2 by SANS Institute The content has been originally published at: https://pen-testing.sans.org/blog/2016/04/05/scapy-cheat-sheet-from-sans-sec560/?reply-to-comment=8562
Using the MITRE ATT&CK Navigator for Intelligence Gathering Pre-purple Teaming
Using the MITRE ATT&CK navigator for intelligence gathering pre-purple teaming by Eliza May Austin Purple teaming should always be intelligence-lead …
Red Teaming @ 10000 Feet
Red Teaming @ 10000 Feet by David Evenden There are many articles/books that are pro-Red Teaming, but I haven't seen …
How to prepare and use Docker for web pentest by Júnior Carreiro
Introduction Docker is the world's leading software containerization platform. Using Docker we can create different environments for each Pentest type. …
WiFi Scanning Tools on Ubuntu 14.04
Dear PenTest Readers, Today we've got for you new article about WiFi Scanning Tools on Ubuntu 14.04 written by Majdi Chaouachi. …
Exploiting The Entity: XXE (XML External Entity Injection)
History In the recent year, major tech giants, like Google, Facebook, Magento, Shopify, Uber, Twitter, and Microsoft, have undergone XML …
Pentest Notes - Approaching a Target
Pentest Notes - Approaching a Target by Eva Prokofiev A list that contains some notes on approaching a target during …
The Holy Book of x86
"Are you such a dreamer to put the world to rights? I stay home forever where 2 and 2 always …
Pentesting an IOT Based Biometric Attendance Device
Pentesting an IOT Based Biometric Attendance Device by Gaurang Bhatnagar During one of the Red Team engagements, I got a …
Zeus Scanner - Advanced dork searching
What is Zeus? Zeus is an advanced dork searching tool that is capable of bypassing search engine API calls, …
The Role of Secure Access Service Edge in Cybersecurity
Abstract: SASE (Secure Access Service Edge) is a comprehensive solution that aims to improve the security of an organization's network …
Top 6 CI/CD Security Best Practices to Follow
CI/CD falls under the category of DevOps, which is formed by amalgamating both practices of continuous integration and continuous delivery. …
Chatting with Rachael (ChatGPT) about Pentesting
by prof. Volker Skwarek, [email protected] In this interview, ChatGPT is challenged with the general subject of penetration testing. I wanted …
WiFi Hacking with Airgeddon on Kali Linux
Airgeddon is a popular, free, and open-source wireless security auditing tool that helps penetration testers locate and exploit vulnerabilities in …
The Most Notorious Bugs: SQL Injection & XSS (W49)
Enter a short description of the course.
OSINT Tools & TTPs for Pentesters and Red Teamers (W48)
In this course, Eva Prokofiev, the prominent expert in the CTI and OSINT areas, will share with you her know-how and point of view on how to examine a target not only from a "pentester's angle”, but also from other cybersecurity perspectives.
Become a Smart Bug Bounty Hunter (W47)
This course will cover the majority of the OWASP TOP 10 vulnerabilities as well as Web Application Penetration Testing. You will begin as a newbie with no previous experience in bug bounty hunting or penetration testing.
Mobile Ethical Hacking (W46)
This course will teach students the basics of mobile hacking and give real world examples on how such techniques can be used. It will also provide guidance on how to use the knowledge in security audits and bug bounty hunting.
New Edition
