Dear PenTest Readers!
We are extremely contented with our ability to present you this new StarterKit issue!
Previously, we have mainly focused on pentesting tools and attack scenarios. In StarterKit 3, you will also be able to find this kind of articles but we have decided to aim your attention towards more social solutions. Even though spending a lot of time alone with computer might seem very fun at the beginning, eventually you will extend the radius of your activity and find people of the same interests.
The issue is divided in five sections: For Real Beginners, Specific Guides, Tools, Attack Scenarios, For Employers. We hope that you will enjoy it!
Your PenTest Team.
FOR REAL BEGINNERS
Pivotal Basics for Every Beginner
By Chris Berberich
Pentesting is always very hard at the beginning. People often make really trivial mistakes. Steps and suggestions in this article will help you avoid most of them and conduct a proper pentest.
The Real Basic Article
By Milind Bhargava
There are a lot of skills which are necessary for good pentester. Do you think that you possess them all? Do you think that have all standard tools at your fingertips? Resolve your doubts!
Breaking into Security
By Frank J. Hackett
Although there is no absolute guide on getting a first pentesting job, this information will definitely help you. It is quite simple, but effective.
Getting a Name into the Pentesting Business – from Young Padawan to Jedi Master
By Christos Ventouris
Not a fan of Star Wars? Do not worry, you will not find any references inside the article. Instead you may learn how to promote yourself even faster than light(saber).
Introduction to Network Protocols
By Jörg Kalsbach
Lacking some key fundamentals related to IT Security? Network Protocols are certainly one of them. Let us start from the specific numbers and then show how they are related to the real world.
Tactical Fingerprinting With FOCA
By Pranshu Bajpai
Looking for new amazing ‘Reconnaissance’ or ‘Information gathering’ tools? Try FOCA which grabs documents and helps you extract the most important information.
Penetration Testing – The Open Source and Manual Way
By Fadli B. Sidek
Demonstration of using open source tools to enumerate, scan, research, and exploit a target machine without using commercial scanners and pentesting tools, such as Core Impact, Immunity Canvas, Qualys, and Nessus.
Owning the OS: Exploiting the Web Application through the XSS Loophole
By Chintan Gurjar
The article will teach you how the operating system can be owned through a simple XSS vulnerability. Attack is quite simple but sometimes may become really problematic.
Advanced Windows Exploitation through Buffer Overflow Vulnerability and Remote Code Python Scripting
By Manoj Kumar Singh
Performing an attack is often already hard enough, but here we decided to spice it up a little bit more. The article is not a step-by-step guide, because every pentester has to experiment and find new solutions even when there is not much information.
Smartphone Pentesting Could Save your Business
By Jane Andrew
Are you an owner of a company? If so, you cannot miss this article. It will help you improve your firm security and avoid unneccessary expenses.
Advanced Windows Exploitation through Buffer overflow vulnerability and Remote code Python scripting
By Manoj Kumar Singh
Whole description might seem a little bit messy, but it was written this way on purpose. Every pentester has to learn how to work with any given material and think outside the box.