Dear PenTest Readers,
We would like to present you with a free article compilation! It contains articles that are also available in the preview versions of our regular issues. This selection of practical tutorials on offensive security tools and techniques is a great compendium for every Red Teamer-to-be! No matter if you’re a beginner pentester or a more experienced one with a plan to get more into Red Teaming, this set of write-ups will definitely help you learn about the most important and relevant topics.
Inside, you’ll read about Active Directory Attack Scenarios, Cloud Environment Attacks, IoT Pentesting, Practical Tools for your Shodan Searches, Top 10 Tips for Burp Suite, SPYSE Tool for your Advanced OSINT Research, and much more!
All you need to do to obtain this excellent compendium is to be registered on our website and download it free of charge! Create your account on pentestmag.com if you haven’t done so already and enjoy your reading :)
This magazine is free to download; just register as a free user and enjoy your reading!
Table of Contents
Top 10 Active Directory Attacks
by Harpreet Singh
In this article, we will discuss a few cases of attacking Active Directory and see how we can gain partial or complete control of it. We will start with the technology and the features it has, followed by a bit of the architecture in general terms. Next, we will discuss the attack scenarios and the attack tree covering various AD attack methods and the mitigation strategies.
The article was published in "10 Year Anniversary" edition.
Top 10 Tips for Burp Suite
by Nairuz Abulhul
Burp Suite is a great analysis tool for testing web applications and systems for security vulnerabilities. It has so many great features to utilize during a pentesting engagement. The more you use it, the more you discover its handy features.
The article was published in "All About Burp Suite" edition.
Cybersecurity and the Automotive Industry: A Management Perspective
by Kurt Gollinger
Like any connected device, EV chargers face a variety of cyber threats. Attackers can target EV charging system hardware and software, apps for locating and paying for charging station services, and wireless communication links. Charging stations can be a conduit for DDoS attacks, ransomware, and data theft. Several vulnerabilities have already been identified in commercially available Extreme Fast Charging (XFC) systems that — if compromised — could inflict severe damage to power delivery systems and even threaten the power grid itself.
The article was published in "Automotive Security" edition.
A Cyber Safe Haven - A Secured Approach in Building an IoT Solution
by Mark Antwi Acquaisie
To draw the curtains, we need to rethink the IoT security approach, especially with the expected launch of 5G wireless technology, which is based on low latency, ultra-high speeds, and uninterrupted availability. The latest security trends must always be incorporated in the security design of any IoT build, taking into consideration the three elements of the core security triad, namely Confidentiality, Integrity and Availability, while using the purple team approach. Implementing security techniques such as device and authentication management solutions based on encryption, with expert knowledge mobilized as early as possible for medium and big companies or small project owners, can prevent unauthorized access to the data, devices, and software of any IoT build.
The article was published in "Latest Trends in IoT Pentesting" edition.
Three Scary Tools That Use the Shodan Search Engine
Shodan is a search engine very different from the classic search engines that we are used to. Indeed, while Google or Yahoo! crawl only ports 80 (HTTP) and 443 (HTTPS) that are open and accessible on the world wide web, Shodan crawls all the open ports from 1 to 65535. This means that Shodan, unlike any normal search engine, does not focus on searching for web pages but on collecting banners of services (the server's response to a request). These services include the HTTP, HTTPS, FTP, SSH, Telnet, SNMP and SIP protocols.
The article was published in "Pentester's Guide 101" edition.
SPYSE: a Pentester’s OSINT Tool Ready for Advanced Research
by Jhansi Jonnakuti, Priyanka Boodidhi, and Joyce Munigety
Our main focus in this article is on the initial stage, common intelligence gathering, which includes discovering a person’s/organization’s digital footprint and performing digital investigations for penetration testing. The most problematic thing is gathering information from multiple resources/pages about the target within the organization/project. With this mode, Spyse caught the eye of pentesters for its advanced and innovative approach to information gathering. There are many tools that are helpful, but without knowing their importance they do the users no good. So, in this article I would like to give a clear idea of Spyse and its key features. Still thinking? Give it a try!
The article was published in "OSINT on Pentest Targets" edition.
Advanced Techniques to Pentest Web and Mobile Applications Hosted in Cloud Environment
by Baalaaji S
The article presents a couple of test scenarios with attacks on weakly configured cloud services, including cloud infrastructure, cloud web application, and API Key in a mobile application.
The article was published in "AWS Pentesting" edition.
Malware Advanced Lab
by Bruno Rodrigues
Machine Learning (ML) is one of the newest computing resources “on the block” and one of the multiple security applications that modern Security Analysts use on a day-to-day basis. Malware analysis is just one of the uses we can put into practice in a very easy and efficient way.
The article was published in "Build Your Own Pentest Lab in 2021" edition.
SaaS Security Checklist: Best Practices to Protect SaaS Application
by Mehul Rajput
When companies move their data and apps to the cloud, they gain the benefits of productivity enhancement and cost reduction, but they also take on some security issues. The mandatory work-from-home caused by the COVID-19 pandemic increased the demand for SaaS apps. While SaaS is a fantastic software distribution model, easy to use, install, and configure in the cloud, companies face several issues. What are those issues? The most common are cyber concerns such as data breaches, malicious attacks, and unauthorized access.
The article was published in "Post-Exploitation and SATCOM Pentesting" edition.
Content Security Policy and its Importance
by Cyril James
In essence, a CSP functions like a bouncer at a club: it allows data that is deemed okay to pass and blocks data that is not. This protects the interests of your customers and increases their return rate to your website. But you need to know why your website could be vulnerable to such attacks in the first place. Your web application does not contain all the information it needs by itself. It often needs to obtain some data from a third-party source, such as Google. This works smoothly until an attacker uses a method called Cross-Site Scripting (XSS) to insert their malicious code.
The article was published in "Advanced WebApp Attacks" edition.