Building a Better Penetration Test Report
by Bill Mathews
Recently I’ve had the, ahem, pleasure of reading and reviewing a number of penetration test reports from various internal and third-party resources. For fear of getting someone into a good deal of trouble, my source shall remain nameless. My first thought was “wow, this is a wild and varied industry we are in.” My second thought was, “how is this stuff useful to someone trying to fix the issues found?” In the majority of the reports it wasn’t obvious what the problem even was, let alone what one would do to fix it. This is a pretty well known problem in the InfoSec industry as a whole, we tend to “overtalk” the problem.
FROM: PenTest Regular 01/2011

Pentesting Web Applications: The Process – Not Just another Report
by Rey Ayers
Pentesting Web Applications is usually conducted quarterly or on an annual basis by a third party vendor to ensure segregation and regulatory requirements are met. The level of testing would depend on the complexity of the application requiring specialized knowledge of the application and application development processes which can be very time consuming. These circumstances can result in varying costs in the scope of work. This article aims at describing the preperation to the test, as well as the process itself.
FROM: PenTest WebApp 01/2013 (TO BE RELEASED)

Operationalizing Penetration Testing Results Using Network Monitoring Software – All For Free
by Bill Mathews
Penetration testing these days is often done on a “one-off” basis, meaning companies do them once a month, once a quarter, or once a year and then never think about them again. I find that to be a shame and think that penetration testing can be an invaluable tool in vulnerability management when performed properly.
FROM: PenTest Regular 01/2011

Hacking as a Service
by Rob Muris and Trajce Dimkov
To gain insight into their security vulnerabilities, companies perform penetration tests on their websites and infrastructure. Mostly, the tests are performed ad hoc or maybe on a yearly basis. This is not sufficient due to the continuous change of the IT landscape and the new vulnerabilities discoveries. The question that rises is: how can companies keep their security exposure visible despite these changes? In this article, we focus on one possible answer to this: hacking as a service.
FROM: PenTest Regular 05/2013

What is Kali?
by Albert López
It’s a fact that these last years the BackTrack distribution has been the most used by security professionals and enthusiasts. Its path started right in 2006 and for seven years it was being improved while gaining its place in the security community. Therefore, nowadays it’s hard to find someone interested in computer security that has not heard about Backtrack.
FROM: PenTest Extra 04/2013

Kali Linux
by Kim Carter
When it comes to measuring the security posture of an application or network, the best defence against an attacker is offence. What does that mean? It means your best defence is to have someone with your best interests (generally employed by you). If we’re talking about your asset, assess the vulnerabilities of your asset and attempt to exploit them.
FROM: PenTest Extra 04/2013

Kali Linux on a Raspberry Pi
by Scott Christie
The Raspberry Pi is a small low cost computer originally designed as an educational tool to teach children about computing. The Raspberry Pi now has a large following of hobbyists and hackers using the little computer for various projects from home theater PCs to home appliance automation. While the Raspberry Pi does not have the greatest specs by contemporary computing standards, it does have a tiny form factor and at $35.00, it is hard to find a better value.
FROM: PenTest Extra 04/2013

by Milind Bhargava
A normal security admin may have a lab to test against basic security threats, but for those working in large corporations, can they be sure they can remain standing against something like conficker? I plan to build a custom conficker type worm and release it on my lab network.
FROM: PenTest Regular 06/2013 (TO BE RELEASED)

Phantom’s Cerebrum: Using Python to Work a Botnet
by Milind Bhargava
Imagine a ghost robot in every computer, working in the shadows; let’s call it the Phantom, performing tasks for its master. The master controls the ghosts through a master brain device; let’s call it the cerebrum, much like the device Prof Xavier had in the X-Men. That device could control the minds of mutants all over the world. In this case, the cerebrum controls the phantoms in each computer of my home and workplace.
FROM: PenTest Regular 05/2013

Penetration Testing and Security Assessments of SCADA Systems 
by SCADA Beast
Distributed Control Systems (DCS) and Supervisor Control and Data Acquisition (SCADA) systems present unique challenges to the security professional. Both systems typically operate in a 7/24/365 arena and typically do not allow for any downtime. Which security measures are necessary to maintain these systems? Find out in this article.
FROM: PenTest Auditing & Standards 02/2013


July 27, 2016
Notify of

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Inline Feedbacks
View all comments

© HAKIN9 MEDIA SP. Z O.O. SP. K. 2013