The Best of PenTest 2013

Dear PenTest Readers!

This time we would like to present to you The Best of Pentest 1/2013!

This year we presented you a lot of interesting topics. Each of our issue contains many amazing articles written by great professionals.

Do you think that you have missed something important? If so – now we are giving you a chance to read the best articles published this year! These are the articles that had the largest interest from the readers, which they considered the best and most amusing. Ones we want you to look at again, others – present. We hope that it will gain your interest again!

PenTest Team.

TABLE OF CONTENTS:

Pre-release !!!

Kali Linux

by BinaryMist

When it comes to measuring the security posture of an application or network, the best defence against an attacker is offence. What does that mean? It means your best defence is to have someone with your best interests (generally employed by you), if we’re talking about your asset, assess the vulnerabilities of your asset and attempt to exploit them.

 

Pentester’s Development Kit

AV Evasion: Bypassing AV Products and Protection Against It

By Fadli B. Sidek

AV evading techniques are getting better and smarter by the day, and having just an Anti-Virus and Anti-Spyware application is insufficient to protect our machines from additional angles of threats.

 

Become Well-Known Pentester Today

Getting a Name into the Pentesting Business – from Young Padawan to Jedi Master

By Christos Ventouris

Not a fan of Star Wars? Do not worry, you will not find references inside the article. Instead you may learn how to promote yourself even faster than light (saber).

 

BackTrack Compendium

Hacking Wireless in 2013. How to guide for everyone

By Terrance Stachowski

This article is a simple how-to guide for hacking wireless networks using BackTrack 5 R3, or Kali-Linux Penetration Testing Distributions offered by Offensive Security.

Multiphase Penetration Testing: Using BackTrack Linux, Metasploit and Armitage

By Lance Cleghorn

The EC Council identifies five stages of attack may be used to categorize incidences where a network or host has been compromised. Considering that these stages are common to real attacks, they are used by ethical hackers to conduct to penetration testing. An ethical hacker, or white-hat hacker, may use these steps in order or may selectively choose the steps that work best for their particular vulnerability.

 

How to Pentest Mobile Apps?

Pentesting of Android & iOS Apps – detailed analysis

By Francisco Caballero & Francisco Gonzalez

Today, due to the strong and increasing popularity of mobile devices, the demand and market for compatible applications has grown tremendously. With this growth there has been an elevated risk for vulnerabilities. This article focuses on the analysis of applicaations for Android and iOS.

 

Dive into the World of Pentesting

Intrusion Detection System - how to catch an attacker.

By Deepanshu Khanna

The number of Internet users is growing up. Almost everyone around the world is accessing the Internet. E-commerce and e-business are increasing by leaps and bounds. Therefore, the competition is becoming more and more important factor. So, the number of intrusion events grows side by side. That is way this article's focus area is how to catch an attacker.

 

Attack is the Best Defence

Current Threats to Web and other XML-based Services

ByChristian Mainka and Vladislav Mladenov

This article will give an overview of current threats to SOAP-based Web Services and other XML-based systems like SAML. The article covers attack techiques apart from Cross-Site-Scripting, SQL-Injection, which exploit the behavior of XML-characteristics, for example, an XML-parser or abuse weaknesses in Web Services standards. Furthermore, the author presents a novel tool for automatic Web Services penetration testing called WS-Attacker.

 

Basics of Pentesting

Professional Penetration Testing: How to Get Started?

By Francesco Perna

The first approach to penetration testing activities seems like black voodoo arts to anyone who hasn't ever considerer the computer security problems. The truth is that in these kind of activities no magic art is involved and no supernatural power is necessary in order to proceed. All you need for successful penetration testing is a fully functional “/dev/brain”, very specific technical preparation, strong knowledge of security testing methodologies, a little bit of fantasy and a lot of practice.

 

Networks Pentesting

Total System Compromise – threat analysis

By Gert Horne

As modern businesses we have to face a range of threats that need to be considerer on a daily basis. There are the nuances of opportunists, the insider misplacing data, the activists misguided motivation, the specialised financial criminal underground and the ever so popular state sponsored threats.

 

Social Engineering for Pentesters

Auditing the Thunders in the Cloud

By Tichaona Zororo

More companies the world over are adopting the cloud. According to Gartner (2010) the cloud market will be worth US $148.8 billion (about R1 trillion) by 2014. Gartner forecast the cloud growth rate to be about 20% per year.

 

SCADA – PenTest Auditing&Standards

Security Concern in “FemtoCell-Our own Base Station”

By Nitin Goplani

“Coverage” is a key term for all telecom operators. Providing coverage is always a challenge for them. Day by day mobile users are increasing and because of this growth mobile operators are very constraint for bandwidth.That's why we are facing coverage problem and sometimes unable to connect to mobile users in an emergency. The concept behind this problem is known as cell splitting.

 

SQLi Pentesting. How to Attack Web Page & Back-en DB?

SQL Injection, Netcat and Miscellaneous Techniques

By Enrique Sanchez

Internal applications usually are viewed as a lower risk on exploitaability as the number of people able to reach them is smaller thus “lowering the risk” for the application. This means internal applications may contain vulnerabilities that would be considered as “high” or “critical” on an Internet-facing application, but are marked as “medium” or even “low” since ability to leverage a vulnerability from the outside to reach the internal network would require the attacker to exploit multiple levels through “chaining” to get to the internal vulnerable application.

 

Interview with Precise Biometrics. Phishing attack with Social Engineering Toolkit (SET)

Setting up a Virtual Environment For Testing

By Manlio Frizzi

It's hard to have enough rack space, power and cooling, as it should be in a datacenter, at home to host physical servers and enterprise storages along with network and fabric switches: the best way to overcome this challenge is to build a virtual-virtual environment on a well equipped home personal computer. In this article you will find that not all the features will be available because some of those are hardware related. Anyway you will have enough material to test and experiment a lot.

Dear PenTest Readers!

This time we would like to present to you The Best of Pentest 2013!

This year, we have provided you with a lot of interesting topics. Each of our issues contains many amazing articles written by great professionals.

You didn't manage to read all of our issues? Nothing lost!

From each issue published in 2013, we chose one article, and thus created TBO 2013! The most interesting information and only the current ...

But that's not all! We have also prepared something special for you: 3 articles that have never been published!

They will be appearing in our magazine until January, but we give you the opportunity to read the most interesting ones now! Secure Coding, Cloud Pentesting, Analyze and Report. Interested? Open and find something for yourself!

Have a nice reading!