NEWEST PENTEST OPEN – APRIL’S SUMMARY

Dear Readers,

We would like to present you the fourth issue of PenTest Open – a free monthly publication, which gives you the possibility to read some of our articles from the last month and from upcoming publications.
This time we present you a summary of the April’s publications.
You will find some tips from the first issue of PenTest StarterKit, advices from the TOOLS sections, and interesting analysis from PenTest Extra. Additionally, we have prepared for you two articles from an eBook onCyber Cecurity and one from the next PenTest Regular, both yet to be released. Let’s have a look at it!

INSIDE THE ISSUE:

A Road Map to Compromise a System
By Nitin Goplani
This article describes a few simple yet very powerful methods which can help an attacker get control of a system. A lot of web admins and programmers end up over looking some simple configuration checks which expose these vulnerabilities. In this article we will understand how to make use of these to get root on our target systems.

Introduction to Nmap Scripting Engine (NSE)
By Rebecca Wynn
Nmap (“Network Mapper”) is a free and open source (license) utility for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime.

Blind Command Line Injection
By Chris Duffy
Blind Command Line injection (BCLIi) is when a web application allows operating system commands to be executed through it with no confirmation of execution. BCLi is typically found on poorly coded applications that allow access to files or data through a web interface. Read this article to get more information about the BCLIi.

The Importance of End User Security Training 
By Terrance Stachowski
There is no question that today’s business world is geared towards, and reliant upon, information technology. As the buissnes world moves forward, heavily dependent upon IT solutions for daily operations, the landscape, and way of doing buissnes is considered the weakest link in a security program, and with the number of end users outweighing the number of security proffessionals, it is imperative they understand their role in security, and what they can do to help protect the organization.

Threat Assessment in Cyberwarfare and Cyberdeterrence
By William Slater
One of the main disadvantages of the hyper-connected world of the 21st century is the very real danger that countries, organizations, and people who use networks computer resources connected to the Internet face because they are at risk of cyberattacks that could result in anything ranging from denial service, to espionage, theft of confidential data, destruction of data, and/or destruction of systems and services. As a recognition of these dangers, the national leaders and military of most modern countries have now recognized that the potential and likely eventuality of cyberwar is very real.

U.S. Policy Appraisal Related to Cyberwarfare and Cyberdeterrence
By William Slater
It appears that President Obama and his Administration have an acute awareness of the importance of the cyberspace to the American economy and the American military. However, since we are already in some form of cyberwarfare that appears to be rapidly escalating, it remains to be seen what effects these cyberattacks and the expected forthcoming Executive Orders that address cybersecurity will have on the American people and our way of life.

Australian Penetration Testing Marker Analysis : Where is All the Revenue?
By Nick Ellsmore
An analysis of the Australian penetration testing market, looking at the market spend, and the ‘gap’ between the amount of testing calculated in dollar terms, and the number of testers in the market to deliver it.

Interview with Rod Soto
By PenTest Team
Rod Soto is a security researcher and board member of HackMiami. He is a regular speaker at hacking conferences all over the country on the topics of penetration testing tools and methods, as well as the topic of digital civil liberties. He will tell us about his experience in the pentest field.