Dear PenTest Readers!
This time we would like to present to you The Best of Pentest 1/2013!
This year we presented you a lot of interesting topics. Each of our issue contains many amazing articles written by great professionals.
Do you think that you have missed something important? If so – now we are giving you a chance to read the best articles published this year! These are the articles that had the largest interest from the readers, which they considered the best and most amusing. Ones we want you to look at again, others – present. We hope that it will gain your interest again!
TABLE OF CONTENTS:
When it comes to measuring the security posture of an application or network, the best defence against an attacker is offence. What does that mean? It means your best defence is to have someone with your best interests (generally employed by you), if we’re talking about your asset, assess the vulnerabilities of your asset and attempt to exploit them.
AV Evasion: Bypassing AV Products and Protection Against It
By Fadli B. Sidek
AV evading techniques are getting better and smarter by the day, and having just an Anti-Virus and Anti-Spyware application is insufficient to protect our machines from additional angles of threats.
Getting a Name into the Pentesting Business – from Young Padawan to Jedi Master
By Christos Ventouris
Not a fan of Star Wars? Do not worry, you will not find references inside the article. Instead you may learn how to promote yourself even faster than light (saber).
Hacking Wireless in 2013. How to guide for everyone
By Terrance Stachowski
This article is a simple how-to guide for hacking wireless networks using BackTrack 5 R3, or Kali-Linux Penetration Testing Distributions offered by Offensive Security.
Multiphase Penetration Testing: Using BackTrack Linux, Metasploit and Armitage
By Lance Cleghorn
The EC Council identifies five stages of attack may be used to categorize incidences where a network or host has been compromised. Considering that these stages are common to real attacks, they are used by ethical hackers to conduct to penetration testing. An ethical hacker, or white-hat hacker, may use these steps in order or may selectively choose the steps that work best for their particular vulnerability.
Pentesting of Android & iOS Apps – detailed analysis
By Francisco Caballero & Francisco Gonzalez
Today, due to the strong and increasing popularity of mobile devices, the demand and market for compatible applications has grown tremendously. With this growth there has been an elevated risk for vulnerabilities. This article focuses on the analysis of applicaations for Android and iOS.
Intrusion Detection System - how to catch an attacker.
By Deepanshu Khanna
The number of Internet users is growing up. Almost everyone around the world is accessing the Internet. E-commerce and e-business are increasing by leaps and bounds. Therefore, the competition is becoming more and more important factor. So, the number of intrusion events grows side by side. That is way this article's focus area is how to catch an attacker.
Current Threats to Web and other XML-based Services
ByChristian Mainka and Vladislav Mladenov
This article will give an overview of current threats to SOAP-based Web Services and other XML-based systems like SAML. The article covers attack techiques apart from Cross-Site-Scripting, SQL-Injection, which exploit the behavior of XML-characteristics, for example, an XML-parser or abuse weaknesses in Web Services standards. Furthermore, the author presents a novel tool for automatic Web Services penetration testing called WS-Attacker.
Professional Penetration Testing: How to Get Started?
By Francesco Perna
The first approach to penetration testing activities seems like black voodoo arts to anyone who hasn't ever considerer the computer security problems. The truth is that in these kind of activities no magic art is involved and no supernatural power is necessary in order to proceed. All you need for successful penetration testing is a fully functional “/dev/brain”, very specific technical preparation, strong knowledge of security testing methodologies, a little bit of fantasy and a lot of practice.
Total System Compromise – threat analysis
By Gert Horne
As modern businesses we have to face a range of threats that need to be considerer on a daily basis. There are the nuances of opportunists, the insider misplacing data, the activists misguided motivation, the specialised financial criminal underground and the ever so popular state sponsored threats.
Auditing the Thunders in the Cloud
By Tichaona Zororo
More companies the world over are adopting the cloud. According to Gartner (2010) the cloud market will be worth US $148.8 billion (about R1 trillion) by 2014. Gartner forecast the cloud growth rate to be about 20% per year.
Security Concern in “FemtoCell-Our own Base Station”
By Nitin Goplani
“Coverage” is a key term for all telecom operators. Providing coverage is always a challenge for them. Day by day mobile users are increasing and because of this growth mobile operators are very constraint for bandwidth.That's why we are facing coverage problem and sometimes unable to connect to mobile users in an emergency. The concept behind this problem is known as cell splitting.
SQL Injection, Netcat and Miscellaneous Techniques
By Enrique Sanchez
Internal applications usually are viewed as a lower risk on exploitaability as the number of people able to reach them is smaller thus “lowering the risk” for the application. This means internal applications may contain vulnerabilities that would be considered as “high” or “critical” on an Internet-facing application, but are marked as “medium” or even “low” since ability to leverage a vulnerability from the outside to reach the internal network would require the attacker to exploit multiple levels through “chaining” to get to the internal vulnerable application.
Setting up a Virtual Environment For Testing
By Manlio Frizzi
It's hard to have enough rack space, power and cooling, as it should be in a datacenter, at home to host physical servers and enterprise storages along with network and fabric switches: the best way to overcome this challenge is to build a virtual-virtual environment on a well equipped home personal computer. In this article you will find that not all the features will be available because some of those are hardware related. Anyway you will have enough material to test and experiment a lot.
This time we would like to present to you The Best of Pentest 2013!
This year, we have provided you with a lot of interesting topics. Each of our issues contains many amazing articles written by great professionals.
You didn't manage to read all of our issues? Nothing lost!
From each issue published in 2013, we chose one article, and thus created TBO 2013! The most interesting information and only the current ...
But that's not all! We have also prepared something special for you: 3 articles that have never been published!
They will be appearing in our magazine until January, but we give you the opportunity to read the most interesting ones now! Secure Coding, Cloud Pentesting, Analyze and Report. Interested? Open and find something for yourself!
Have a nice reading!