PMIII, a Proxmark3 revisited (or how to make your device heavy)
When I first borrowed the Proxmark3.0 X from @unrooted, the tinkerer part of me decided to do something with it, …
AppSec Tales XII | XSS
INTRODUCTION The article describes how to test the application to find Cross-Site Scripting vulnerabilities. The advice in this article …
Crack SSH Private Key with John the Ripper
Crack SSH Private Key with John the Ripper by Anastasis Vasileiadis The SSH private key code should not be just …
Fastly Subdomain Takeover $2000
Fastly Subdomain Takeover $2000 Bug Bounty — From zero to HERO by Alexandar Thangavel AKA ValluvarSploit WHOAMI My name is …

Ettercap and middle-attacks tutorial
We have published a new article about Ettercap. You can find it here: https://pentestmag.com/article-fun-ettercap/ In the computer world, an attack is a …
Metasploit Cheat Sheet
Metasploit Cheat Sheet by Tim Keary Widely reputed as the most used penetration testing framework, Metasploit helps security teams identify …
TOP 5 Latest Cyber Security Books (2017-2019) | Best & Latest Must-Reads For Any Aspiring or Seasoned Hacker
TOP 5 Latest Cyber Security Books (2017-2019) | Best & Latest Must-Reads For Any Aspiring or Seasoned Hacker by …
Julia: a Language for the Future of Cybersecurity
Julia: a Language for the Future of Cybersecurity by Shen Huang Julia 1.0 was released in 2018. It is a …
How I Hacked Into Your Corporate Network Using Your Own Antivirus Agent
How I Hacked Into Your Corporate Network Using Your Own Antivirus Agent by Angelo Ruwantha Recently I was busy with …
Hacking a Locked Windows 10 Computer With Kali Linux
Hacking a Locked Windows 10 Computer With Kali Linux by Graham Zemel, blog.grahamzemel.com TL;DR- A neat trick I learned to …
Formula Injection
Are you on the watch for malware within spreadsheet exports of your banking transactions? Or how about within a .CSV …
Exploiting blind SQL injections in 'UPDATE' and 'INSERT' statements without stacked queries by Sina Yazdanmehr
Overview The SQL injection attack was introduced around 1998 for the first time. This high-level risk vulnerability can be found …
IoT Security: How to Search for Vulnerable Connected Devices
IoT Security: How to Search for Vulnerable Connected Devices by Dominique René When you read news about recently discovered vulnerabilities …
The Hard Life Of Exploit Developers
The Hard Life Of Exploit Developers by Florian Bogner Preface: Although this blog post is a companion post to a talk …
Antivirus Evasion with Python
Antivirus Evasion with Python by Marcelo Sacchetin Summary When deploying defense in depth security controls for your organization, you are …
Pentest: Scapy Cheat Sheet by SANS Institute
Scapy Cheat Sheet Pocket Reference Guide Ver. 0.2 by SANS Institute The content has been originally published at: https://pen-testing.sans.org/blog/2016/04/05/scapy-cheat-sheet-from-sans-sec560/?reply-to-comment=8562
Using the MITRE ATT&CK Navigator for Intelligence Gathering Pre-purple Teaming
Using the MITRE ATT&CK navigator for intelligence gathering pre-purple teaming by Eliza May Austin Purple teaming should always be intelligence-led …
Red Teaming @ 10000 Feet
Red Teaming @ 10000 Feet by David Evenden There are many articles/books that are pro-Red Teaming, but I haven't seen …
How to prepare and use Docker for web pentest by Júnior Carreiro
Introduction Docker is the world's leading software containerization platform. Using Docker we can create different environments for each Pentest type. …
WiFi Scanning Tools on Ubuntu 14.04
Dear PenTest Readers, Today we've got for you a new article about WiFi Scanning Tools on Ubuntu 14.04 written by Majdi Chaouachi. …
Exploiting The Entity: XXE (XML External Entity Injection)
History In the recent year, major tech giants, like Google, Facebook, Magento, Shopify, Uber, Twitter, and Microsoft, have undergone XML …
Pentest Notes - Approaching a Target
Pentest Notes - Approaching a Target by Eva Prokofiev A list that contains some notes on approaching a target during …
The Holy Book of x86
"Are you such a dreamer to put the world to rights? I stay home forever where 2 and 2 always …
Pentesting an IOT Based Biometric Attendance Device
Pentesting an IOT Based Biometric Attendance Device by Gaurang Bhatnagar During one of the Red Team engagements, I got a …
Penetration Test Need-To-Know
What is a Penetration Test? A penetration test (also known as a pen test) is a simulated attack on an …
Could OpenAI's ChatGPT be a game-changer for United States intelligence agencies?
This revolutionary AI tool could help mission critical organizations develop and strengthen their cyber threat assessment and resiliency. Introduction The …
Methodology and tools used in API Testing Introduction
Introduction Performing pentests in APIs for many is a complex task, especially in some cases that do not have documentation …
API Security Common Mistakes
As per Rapid’s 4th annual State of APIs Report, 70% of developers indicate they will increase API usage this year, …

Creating Advanced Ransomware with Golang (W51)
In this course, you will develop hybrid ransomware, that is, ransomware with two encryptions, RSA and AES, using a programming language that is gaining a lot of strength: Golang.
Mastering Splunk: A Comprehensive Guide (W50)
"Mastering Splunk: A Comprehensive Guide" is a comprehensive and hands-on course that covers all aspects of the Splunk platform, from the fundamentals to advanced topics. The course is designed to provide students with the knowledge and skills to effectively use Splunk to analyze and visualize data in their personal and professional lives.
The Most Notorious Bugs: SQL Injection & XSS (W49)
This course is designed for those who are looking to move their web application penetration skills to the next level! Working from scratch, this course aims to provide comprehensive knowledge of two of the most notorious and common vulnerabilities, SQL Injection and Cross Site Scripting.
OSINT Tools & TTPs for Pentesters and Red Teamers (W48)
In this course, Eva Prokofiev, the prominent expert in the CTI and OSINT areas, will share with you her know-how and point of view on how to examine a target not only from a "pentester's angle", but also from other cybersecurity perspectives.
