Combining Data Loss Prevention and Penetration Testing for Robust Security
The digital frontier constantly evolves, creating a complex and challenging landscape. Cybersecurity reports predict a gloomy future: data breaches and …
Secret Scanner for Jira and Confluence: CVE-2023-22515 Defense in Depth
TLDR; Upgrade Confluence to a patched version and employ the open-source security scanner n0s1 to proactively address potential secret leaks. …
Cloud Security
Nowadays, with the evolution of technology, many companies are starting their journey as a cloud native company. They don’t work …
How Pen-testing Can Help Prevent Insider Threats
Anastasios Arampatzis Risks assessed during a penetration test (pen-test) generally focus on attacks outside the information system. Indeed, a classic …

Ettercap and middle-attacks tutorial
We have published a new article about Ettercap. You can find it here: https://pentestmag.com/article-fun-ettercap/ In the computer world, an attack is a …
Metasploit Cheat Sheet
Metasploit Cheat Sheet by Tim Keary Widely reputed as the most used penetration testing framework, Metasploit helps security teams identify …
Hacking a Locked Windows 10 Computer With Kali Linux
Hacking a Locked Windows 10 Computer With Kali Linux by Graham Zemel, blog.grahamzemel.com TL;DR- A neat trick I learned to …
TOP 5 Latest Cyber Security Books (2017-2019) | Best & Latest Must-Reads For Any Aspiring or Seasoned Hacker
TOP 5 Latest Cyber Security Books (2017-2019) | Best & Latest Must-Reads For Any Aspiring or Seasoned Hacker by …
Julia: a Language for the Future of Cybersecurity
Julia: a Language for the Future of Cybersecurity by Shen Huang Julia 1.0 was released in 2018. It is a …
Formula Injection
Are you on the watch for malware within spreadsheet exports of your banking transactions? Or how about within a .CSV …
How I Hacked Into Your Corporate Network Using Your Own Antivirus Agent
How I Hacked Into Your Corporate Network Using Your Own Antivirus Agent by Angelo Ruwantha Recently I was busy with …
Exploiting blind SQL injections in 'UPDATE' and 'INSERT' statements without stacked queries by Sina Yazdanmehr
Overview The SQL injection attack was introduced around 1998 for the first time. This high-level risk vulnerability can be found …
Antivirus Evasion with Python
Antivirus Evasion with Python by Marcelo Sacchetin Summary When deploying defense in depth security controls for your organization, you are …
IoT Security: How to Search for Vulnerable Connected Devices
IoT Security: How to Search for Vulnerable Connected Devices by Dominique René When you read news about recently discovered vulnerabilities …
The Hard Life Of Exploit Developers
The Hard Life Of Exploit Developers by Florian Bogner Preface: Although this blog post is a companion post to a talk …
How to prepare and use Docker for web pentest by Júnior Carreiro
Introduction Docker is the world's leading software containerization platform. Using Docker we can create different environments for each Pentest type. …
Red Teaming @ 10000 Feet
Red Teaming @ 10000 Feet by David Evenden There are many articles/books that are pro-Red Teaming, but I haven't seen …
Using the MITRE ATT&CK Navigator for Intelligence Gathering Pre-purple Teaming
Using the MITRE ATT&CK navigator for intelligence gathering pre-purple teaming by Eliza May Austin Purple teaming should always be intelligence-led …
Pentest: Scapy Cheat Sheet by SANS Institute
Scapy Cheat Sheet Pocket Reference Guide Ver. 0.2 by SANS Institute The content has been originally published at: https://pen-testing.sans.org/blog/2016/04/05/scapy-cheat-sheet-from-sans-sec560/?reply-to-comment=8562
The Holy Book of x86
"Are you such a dreamer to put the world to rights? I stay home forever where 2 and 2 always …
WiFi Scanning Tools on Ubuntu 14.04
Dear PenTest Readers, Today we've got for you a new article about WiFi Scanning Tools on Ubuntu 14.04 written by Majdi Chaouachi. …
Exploiting The Entity: XXE (XML External Entity Injection)
History In the recent year, major tech giants, like Google, Facebook, Magento, Shopify, Uber, Twitter, and Microsoft, have undergone XML …
Pentest Notes - Approaching a Target
Pentest Notes - Approaching a Target by Eva Prokofiev A list that contains some notes on approaching a target during …
Pentesting an IOT Based Biometric Attendance Device
Pentesting an IOT Based Biometric Attendance Device by Gaurang Bhatnagar During one of the Red Team engagements, I got a …
The Importance of Supply Chain Security
The Importance of Securing the Supply Chain in the Global Business Environment The paramount importance of robust supply chain security …
AI in Cybersecurity: A Systematic Review and Research Agenda
Objective: Pioneering AI's Role in Cybersecurity This study explores how artificial intelligence (AI) transforms the world of cybersecurity and computer …
Subdomain Takeover – Security Risk, Impact, Automated Detection and Remediation
Abstract In the olden days, static websites were hosted on a server and the domain name DNS record was pointed …
Android SSL Pinning Bypass technique
What is SSLPinning? Ensuring secure communication is imperative during the development of mobile apps. This concern is addressed through the …

Aerospace Cybersecurity: Satellite Hacking (W53)
This course is meant for anyone who wants to learn more about space-related cybersecurity, specifically in relation to satellite systems. It is open to any skill level and suits anyone interested in expanding their skill set in satellite reconnaissance and vulnerability analysis.
AutoSec Pro: Vehicle Cybersecurity Mastery (W52)
AutoSec Pro is an immersive course diving into the world of automotive cybersecurity, providing an in-depth understanding of modern vehicle systems and their vulnerabilities. This cutting-edge course leverages a hands-on approach to exploit and mitigate potential threats while seamlessly integrating the ISO 21434 standard. Harness the power of innovation and technology as you spearhead the effort to safeguard the future of smart transportation.
Creating Advanced Ransomware with Golang (W51)
In this course, you will develop hybrid ransomware, that is, ransomware that uses two encryption schemes, RSA and AES, with a programming language that is gaining a lot of strength: Golang.
Mastering Splunk: A Comprehensive Guide (W50)
"Mastering Splunk: A Comprehensive Guide" is a comprehensive and hands-on course that covers all aspects of the Splunk platform, from the fundamentals to advanced topics. The course is designed to provide students with the knowledge and skills to effectively use Splunk to analyze and visualize data in their personal and professional lives.
