We would like to proudly present you the newest issue of PenTest Open, which is free to download for everyone …Read More
Workshop’s eBook: Penetration Testing Apps for Android Devices. How to capture and analyze network traffic on Android devices
Understand the Android ecosystem and application architecture. Understand components of the Android data storage and security models. Identify specific threats and risks associated with the Android mobile platform. Perform a hands-on penetration test and reverse engineer an Android application. Use your powerfull Android device. Perform profetional security analysis of your network, or your business network, from point zero. Understand all the risks and vulnerabilities that your business network can have, how to find them, and how to secure them, with step-by-step tutorials.Read More
Inside IDS systems with SNORT and OSSIM: use your knowledge of network architecture and hardware to customize placement of IDS sensors and sniff traffic off the wire. Exploiting VoIP Systems: theoretical and practical aspects about VoIP attacks and relatives countermeasures. Journey In The World of The XSS: Impress your customers with awesome Proof of Concept far beyond the classic pop-up. Metasploit Framework: how to apply the incredible capabilities of the Metasploit Framework in a comprehensive penetration testing and vulnerability assessment regimen, according to a thorough methodology for performing effective tests.Read More
Workshop’s eBook: This issue will teach you how to do a professional security test. The ranges progress in difficulty and reflect an enterprise level architecture. There will be defenses to defeat and challenges to overcome. As the range levels increase you will encounter the top defenses of today and learn the latest evasion techniques.Read More
Workshop’s eBook: PenTest Advanced Training. Reconnaissance and information gathering, network scanning, SQL Injection, Cross-Site Scripting
Dear Reader, In this new issue, an advanced PenTest Training is introduced for you on the basis of our experts practical experiences. Our newly developed training includes main five modules in addition to the side tutorials as follows: Module 01 – Reconnaissance and information gathering Module 02 – Network Scanning: The Basics Module Module 03 – Exploitation Module Module 04 – Post exploitation Module Module 05 – Basics of SQL Injection for different databases Cross-Site Scripting tutorialRead More
PENTESTING TUTORIALS: LEARN “HOW TO”. The best practical guide for everyone who’d like to become an expert in penetration testing field!
The best practical guide for everyone who’d like to become an expert in penetration testing field! Exploiting VoIP Systems: understand the Session Initiation Protocol and Real Time Protocol; wireless Client side Attacks; how to capture and analyze network traffic on Android devices and extract sensitive information and files from a packet capture from an Android device; learn risk mitigation strategies, install and configure Kali Linux, and understand the penetration testing standards; Session Hijacking and more...Read More
This issue is very practical guide that will show you how to become an expert in that field. It includes ONLY practical materials! Inside, you will find a few interesting tutorials that will help you develop your skills: Sample Penetration Testing Report; Try to write your own rule for detecting concrete signatures in network traffic in SnortIDS or SurricataIDS; How to detect the vulnerabilities used in XSS attacks; Broken Authentication and Session Management; Deploy a fully sand boxed network running on Virtualbox to do all the testing you need; Configure and deploy a fully working Cisco Router and more...Read More
Workshop’s eBook: Inside IDS Systems with SNORT and OSSIM. Learn the principles of intrusion detection process, algorithms used in IDS
Install Snort by yourself and make sure of detecting basic attacks; configure and run open-source Snort and write Snort signatures; configure and run open-source Bro to provide a hybrid traffic analysis framework; use open-source traffic analysis tools to identify signs of an intrusion; write your own rule for detecting concrete signatures in network traffic in SnortIDS or SurricataIDS; test anomaly detection preprocessor for Snort – PHAD; install OSSIM (opensource SIEM) and setup it to collect events. Setup event correlation; write tcpdump filters to selectively examine a particular traffic trait; use the open-source network flow tool SiLK to find network behavior anomalies; use your knowledge of network architecture and hardware to customize placement of IDS sensors and sniff traffic off the wire.Read More
Workshop’s eBook: Exploiting VoIP Systems. Understand the Session Initiation Protocol and Real Time Protocol
Understand the Session Initiation Protocol and Real Time Protocol: This issue will introduce the VoIP world to the reader, with a particular focus on the network protocols used by VoIP systems and the security holes belonging to them. The reader will see both theoretical and practical aspects about VoIP attacks and relatives countermeasures. Several activities will be explained step by step in the following lessons. In particular, after this workshop the reader will be able to: setting up a Private Branch eXchange (PBX) – such as Asterisk – and softphones – such as ZoIPer and X-Lite -, in order to set up a basic VoIP telephone call between two end points; understanding the Session Initiation Protocol (SIP) and Real Time Protocol (RTP). These are the two main network protocol and they’re used by all VoIP systems; knowing about several VoIP attacks and performing some of that.Read More
Workshop’s eBook: Journey In The World of The XSS. The mechanics behind Cross-Site Scripting vulnerabilities and attacks.