Dear PenTest Readers!

We are extremely contented with our ability to present you this new StarterKit issue!

Previously, we have mainly focused on pentesting tools and attack scenarios. In StarterKit 3, you will also be able to find this kind of articles but we have decided to aim your attention towards more social solutions. Even though spending a lot of time alone with computer might seem very fun at the beginning, eventually you will extend the radius of your activity and find people of the same interests.

The issue is divided in five sections: For Real Beginners, Specific Guides, Tools, Attack Scenarios, For Employers. We hope that you will enjoy it!

Your PenTest Team.

FOR REAL BEGINNERS

Pivotal Basics for Every Beginner

By Chris Berberich

Pentesting is always very hard at the beginning. People often make really trivial mistakes. Steps and suggestions in this article will help you avoid most of them and conduct a proper pentest.

The Real Basic Article

By Milind Bhargava

There are a lot of skills which are necessary for good pentester. Do you think that you possess them all? Do you think that have all standard tools at your fingertips? Resolve your doubts!

Breaking into Security

By Frank J. Hackett

Although there is no absolute guide on getting a first pentesting job, this information will definitely help you. It is quite simple, but effective.

Getting a Name into the Pentesting Business – from Young Padawan to Jedi Master

By Christos Ventouris

Not a fan of Star Wars? Do not worry, you will not find any references inside the article. Instead you may learn how to promote yourself even faster than light(saber).

SPECIFIC GUIDES

Introduction to Network Protocols

By Jörg Kalsbach

Lacking some key fundamentals related to IT Security? Network Protocols are certainly one of them. Let us start from the specific numbers and then show how they are related to the real world.

TOOLS

Tactical Fingerprinting With FOCA

By Pranshu Bajpai

Looking for new amazing ‘Reconnaissance’ or ‘Information gathering’ tools? Try FOCA which grabs documents and helps you extract the most important information.

ATTACK SCENARIOS

Penetration Testing – The Open Source and Manual Way

By Fadli B. Sidek

Demonstration of using open source tools to enumerate, scan, research, and exploit a target machine without using commercial scanners and pentesting tools, such as Core Impact, Immunity Canvas, Qualys, and Nessus.

Owning the OS: Exploiting the Web Application through the XSS Loophole

By Chintan Gurjar

The article will teach you how the operating system can be owned through a simple XSS vulnerability. Attack is quite simple but sometimes may become really problematic.

Advanced Windows Exploitation through Buffer Overflow Vulnerability and Remote Code Python Scripting

By Manoj Kumar Singh

Performing an attack is often already hard enough, but here we decided to spice it up a little bit more. The article is not a step-by-step guide, because every pentester has to experiment and find new solutions even when there is not much information.

FOR EMPLOYERS

Smartphone Pentesting Could Save your Business

By Jane Andrew

Are you an owner of a company? If so, you cannot miss this article. It will help you improve your firm security and avoid unneccessary expenses.

Advanced Windows Exploitation through Buffer overflow vulnerability and Remote code Python scripting

By Manoj Kumar Singh

Whole description might seem a little bit messy, but it was written this way on purpose. Every pentester has to learn how to work with any given material and think outside the box.