This package contains all magazine editions published by PenTest Magazine in 2019. Every issue is dedicated to a different main topic, and contains various practical tutorials and articles on different offensive security aspects.
Please note that subscribers already have access to all of the products that are a part of this package.
Table of Contents
Our authors present step-by-step tutorials on how to configure a proper testing environment with your own resources. Equally important, they reflect on the way of thinking that pentesters should apply. The content is composed of materials suitable for beginning, intermediate, and advanced pentesters. Everyone should find something of interest to them.
In the current issue we would like to take a closer look at the security of the Kubernetes system. As this open-source system is becoming more and more popular for container orchestration, we came up with the idea of presenting the security perspective to you.
We are analyzing the concept of Security Operations Centers. Our contributors provided articles on various aspects of this crucial, centralized unit of organizational structure. We are happy to present technical case studies, an analysis of the role of automation in the functioning of SOCs, and some perspectives on their evolution in the future. The authors of this month’s content are experienced professionals who work within the SOC framework, covering the topics based on their practical and academic background.
As usual, our authors provided content related to the main theme of the issue. You can find really interesting articles on social engineering in the fintech era, OSINT tools helpful in the KYC/AML context, security of the FIX protocol, Amazon Web Services, and the PCI DSS standard. Furthermore, there are other articles related to various fields of cybersecurity, among which the ‘Relation From Western Regional Collegiate Cyber Defense Competition in United States’ is highly recommended!
A closer look at three spheres of cybersecurity which have definitely been gaining importance recently. The first of them is ERP security. With the recent publications on 10KBLAZE PoC exploits for old SAP configurations, all eyes in the infosec world turned to the risk of severe attacks directed at the most popular ERP software system. Our contributors will provide you with insight into SAP security - optimization, procedures, and regulations, and the security of E/C systems. Secondly, one of the highlights of this issue is the article on the topic of Insider Threats and a White Hat approach to it. Thirdly, we start our series of publications related to Threat Modeling, which is going to be continued in the next issue as well. Threat Modeling is a fascinating topic to study and - without any doubt - crucial to our readers.
Threat Modeling is undoubtedly one of the key aspects of a white hat’s day-to-day life. Having a mindset of profiling possible attack vectors is crucial in any infosecurity job. Recognizing potential threats, categorizing and prioritizing them, and being able to look at matters from a hypothetical attacker’s point of view are the essence of effective cyber protection. Our contributors provide you with general knowledge about this topic, as well as the most innovative projects and insights, presented from various perspectives.
In the current issue we would like to take a closer look at DDoS attacks - their history, mechanics, vectors used, mitigation and prevention methods. Even though this type of attack has been part of the infosecurity landscape for more than twenty years, DDoS attacks are still considered one of the most notorious cyber threats by organizations around the world. Moreover, the damage caused by these attacks can be irreversible and impossible to recover from. Hundreds of DDoS attacks take place every day. The topic still needs to be researched and examined, as the DDoS threat landscape constantly evolves.
The two opening articles are related to the topic of Advanced Persistent Threats. Professor John Walker starts by presenting the interdependence of APTs and Advanced Evasion Techniques (AET). In the article he tries to answer the question of why Persistent Threats and Evasions will not see any decline any time soon. Mariana Peycheva, in turn, presents an analysis of Advanced Persistent Threats and their methodology, giving a great overview of the topic. As one of our reviewers said: “I wish that most of business leaders and managers would read this”.
Having Red and Blue teams working separately seems not to be as efficient as it could be in some cases; the Purple Teaming approach, a blended cooperation of offensive and defensive, seems to be a perfect answer. Our contributors provide you with thorough definitions of how to understand the phenomenon of Purple Teaming properly, as well as interesting articles and case studies on the application of this methodology.
In this issue of our magazine we want to focus on the topic of binary exploitation, as we’ve heard from some of you that you need it! Our contributors will take you on a journey into this fascinating universe of text, data, and stack regions. If you’ve always wanted to find out more about buffer overflow, reverse engineering, useful tools and techniques, or even using Machine Learning in malware analysis, this issue is a perfect choice!
In the current issue our main topic is Cloud Security. We’ve decided to focus on this, as the market of cloud services is constantly developing at a very fast pace, which results in new challenges to business, individual users, and cybersecurity.
This one is dedicated to the topic of Capture The Flag events. Participation in CTFs is the best way to practically learn the full scope of cybersecurity. No matter if you’re into red or blue teaming, OSINT, reverse engineering and binary exploitation, networking, steganography, or forensics, you will always benefit from taking part in CTF competitions. The business and educational value of Capture The Flag events will definitely keep on rising as well.