Proudly and finally, we announce the release of the newest issue of PenTest Magazine Pentesting Tutorials: Learn "How To" so the best practical pill for everyone who’d like to become an expert in penetration testing field. LEARN HOW TO DO IT!
Table of content:
1) Exploiting VoIP Systems: understand the Session Initiation Protocol and Real Time Protocol. Test Plant Activities
by Mirko Raimondi
In his article the author describes the devices, with relatives both software installations and configurations, needed in order to realize a test plant which is able to realize a basic VoIP call. In particular he explains how to install and configure the currently most used free Private Branch eXchange (PBX), which is called Asterisk. Moreover, both the installation and configuration of two free softphone, X-Lite and ZoIPer which are respectively for Windows and Linux platform, are reported.
This article will threat the methods used in order to inject malicious signal into the RTP altering the telephone conversation. The author will show how to accomplish this attack to the reader.
3) Advanced Wireless Penetration Testing Course: how to do a professional security test . Diving into wireless networks
4) Wireless Client side Attacks
5) Netsparker Web Application Scanner. Lab setup, install and configure Netsparker on Windows 7 VM
- Windows 7 x64 VM installed in Virtualbox
- Vmware player for Bee-box VM (BWAPP)
6) Penetration Testing Apps for Android Devices: how to capture and analyze network traffic on Android devices and extract sensitive information and files from a packet capture from an Android device. Penetration testing with Android Applications
7) Journey In The World of The XSS: the mechanics behind Cross-Site Scripting vulnerabilities and attacks. How to detect the vulnerabilities used in XPS attacks
In this article we are going to illustrate how to detect and exploit the vulnerabilities behind this kind of attack over protocols different from HTTP, we will show how to use the network protocol analyzer and the packet manipulation software in order to detect and exploit the vulnerabilities. Feel free to use the tools you know best in order to apply these techniques during your work.
8) Wi-fi Pentesting Kali Linux: learn risk mitigation strategies, install and configure Kali Linux, and understand the penetration testing standards. Session Hijakcing
In order to accomplish and explain these Wi-Fi techniques, the author has built an elementary test plant, which will be described in this section. The author uses a lap top device that has a Linux platform installed on; in particular the distro is currently the most used by Pen Tester, Kali. Moreover, the author needs to use network software for providing the 802.11x wireless. It will be the “Aircrack-ng” tool (which is used along with its utilities) and it belongs to the Pen Testing tools contained in Kali.