PREVIEW: Best of 2020 - Pentestmag

Dear PenTest Readers,

2020 was a tough year for everyone, no doubt about it. Fortunately, it’s now approaching its end, and a transition to the new year is always a moment for new hope and improvement. Despite the unprecedented global difficulties, there are still some reasons to feel positive.

For us, these reasons are the magazine issues we managed to publish throughout the year. Every contributor brought great value to the overall contents of our mag with each article published. Thanks to the authors, we were able to deliver professionally written and diverse pieces of relevant cybersecurity knowledge on a wide range of topics.

We realize that there are readers who do not follow every publication, due to lack of time or any other reason, but who always appreciate a nice compilation of “greatest hits” to stay up to date with the latest highlights.

While all the authors deserve appreciation, we decided to prepare a special “Best of 2020” edition, which is a selection of 10 articles that enjoyed a particularly good reception among our readers. Inside, you will read about the most trendy topics, tools, and techniques, analyzed in different cybersecurity contexts, while always keeping to the highest standards, being innovative, and bringing an “out of the box” perspective to the matters analyzed.

We hope you find this fine selection interesting, and that it helps you look forward to another year with much-needed optimism.

Thanks for being with us.

Without further ado,

Enjoy the reading!   

PenTest Magazine's Editorial Team


Table of Contents

Cloud Security Posture Management - Reducing the Attack Surface and Detecting Threats in the Cloud

by Yuri Diogenes

According to a survey conducted by Outpost24, 37% of the organizations surveyed have suffered a cyberattack on cloud environments due to a lack of basic cloud security hygiene. This is a very concerning problem, especially after the Capital One breach, since technical reports have shown that most of the exploitation methods used took advantage of the lack of security hygiene. Security posture management for cloud workloads is based on three major pillars: prevention, detection and response. If one of those pillars is weak, the likelihood that one of your assets will get compromised is higher. The purpose of this article is to cover the general aspects of security posture management in the cloud, from security hygiene to threat detection.

Originally published at:

A Crash Course in Splunk and Security

by Jill Kamperides

Built to prevent you from having to scroll through log files until the end of time, Splunk makes data management actually kind of easy. Admittedly, Splunk comes with a learning curve, but that is because it is an absolute powerhouse of a tool. To even call it a tool is an understatement. This article will delve into what Splunk is, why you should care, and how it can make your organization that much more secure.

Originally published at:

Caldera: A Platform for Adversary Emulation

by Prof. Fabrizio Bacardi, Emilio Panti

The paper introduces the main characteristics of CALDERA, an adversary emulation platform to evaluate the robustness of an IT system. We describe the plug-in architecture, the basic mechanisms of the platform as well as the various versions produced during the project. Some of the main plug-ins currently available are described.

Originally published at:

ATTPwn - Adversary Emulation Tool

by Pablo Gonzalez Perez, Fran Ramirez

ATTPwn is a tool designed to emulate opponents. The tool's goal is to bring emulation of a real threat closer to implementations using the techniques and tactics outlined in the MITRE ATT&CK framework. The idea is to emulate how a threat operates in an intrusion scenario, where the threat has succeeded. The application is geared towards Microsoft Windows systems by using the PowerShell command line, allowing the different techniques based on MITRE ATT&CK to be applied. Furthermore, the tool is designed to allow the emulation of adversaries for a Red Team exercise and to be able to verify the effectiveness and efficiency of controls in the organization in response to a real threat.

Originally published at:

Shadowbunny - Leveraging Virtual Machines to Persist and Evade Detections

by Johann Rehberger

The Shadowbunny technique is a post-exploitation scenario. This means that an adversary has compromised a target and has administrative access. There is no vulnerability, per se, in any information described in this article. The fact that there is now evidence that adversaries use this technique for ransomware deployment means more light has to be put on this technique.

Originally published at:

OSINT for Pentesting

by Eva Prokofiev

During penetration testing, pentesters have to work with large amounts of information. Finding this information can be done using manual command-line methods. Doing it manually can take up lots of time, as you would also have to sort the data yourself because it might not be in a preferable format. The second option is relying on open-source intelligence, or OSINT, which is the go-to method for most pentesters nowadays.

Originally published at:

Pentesting the Cloud

by Staford Titus

Pentesting has advanced in step with technical prowess. Clouds (no pun intended) abound in the networked skies and hence are susceptible to attacks just like any other server or network. Securing them has emerged as a priority, since clouds contain large amounts of data that, if compromised, could prove disastrous, especially for companies that store all their business data on them. Cloud pentesting is not the easiest, however, since a testing lab of sorts would be needed at the very least, which, of course, could cost a lot given current cloud pricing. Even if, overcoming all those shortcomings, you do get your hands on something of the sort, you would still need vulnerable instances, and the knowledge to exploit them, in order to practice.

Originally published at:

Mid-air Hacks Are Real. Stay Connected and Avoid Being Hacked

by Jhansi Jonnakuti

This article talks a little about how this communication works and dives into some facts that I came across in my research about how in-flight networks are hacked via tools like WIFI Pineapple, Reaver, etc., and how Ruben Santamarta performed reverse engineering to hack SATCOM terminals from the ground. Also, I’ll explain how we can keep ourselves from being a victim to these notorious hacks by taking some measures in advance when we connect to an open WIFI network.

Originally published at:

Leveraging Coverage-Guided Fuzzing to Find Exploitable Bugs

by Maksim Shudrak

As an example of coverage-guided fuzzing efficiency, Google's OSS-Fuzz project, which relies on AFL and libFuzzer, discovered ~27000 new bugs in over 160 projects in the last few years by generating trillions of test cases per week. So far, AFL is the most effective fuzzer in the industry.

Originally published at:

Ransomware Prevention and Advanced Analysis

by Washington Almeida

When the ransomware WannaCry infested devices around the globe, in one of the biggest attacks in history, few professionals knew what to do to reach the cryptographic keys of the infection process. In this article, I invite PenTest Mag readers to follow me in exploring the methodology to get the cryptographic keys and see what to do to avoid the damage caused by such attacks.

Originally published at:


July 23, 2021