The best practical guide for everyone who’d like to become an expert in penetration testing field!
TABLE OF CONTENT
Test Plant Activities by Mirko Raimondi
In his article the author describes the devices, with relatives both software installations and configurations, needed in order to realize a test plant which is able to realize a basic VoIP call. In particular he explains how to install and configure the currently most used free Private Branch eXchange (PBX), which is called Asterisk. Moreover, both the installation and configuration of two free softphone, X-Lite and ZoIPer which are respectively for Windows and Linux platform, are reported.
Telephone Tapping by Mirko Raimondi
This article will threat the methods used in order to inject malicious signal into the RTP altering the telephone conversation. The author will show how to accomplish this attack to the reader.
Diving into wireless networks by Mohamed Magdi
In this module we will know how to penetrate wireless networks, break wireless keys and analyze captured packets for juicy information. To be able to penetrate wireless network you need a wireless card which has the ability to inject wireless packets to the wireless access point and which has also a wide read range to be able to listen to a large number of wireless access point
We will discover how can we carry out another type of testing but against connected clients, so be ready to discover the wireless client side attacks. But at the beginning, let’s check some aircrack tools which are very useful and will help us through different scenarios.
Netsparker Web Application Scanner
Lab setup, install and configure Netsparker on Windows 7 VM by Christopher Petre
– Virtualbox installed
– Windows 7 x64 VM installed in Virtualbox
– Vmware player for Bee-box VM (BWAPP)
Penetration Testing Apps for Android Devices: how to capture and analyze network traffic on Android devices and extract sensitive information and files from a packet capture from an Android device
Penetration testing with Android Applications by Thomas Sermpinis
Mobile devices are quickly becoming the new desktop. Mobile device users demand access to corporate resources regardless of where they are located, and they want to be free to download their own personal apps and programs, too. With multiple mobile platforms to support and no administrative privileges on a mobile device, IT Security Administrators are faced with a new challenge. How can they secure a roaming mobile device against advanced attacks without compromising the user experience, draining the battery, or imposing such a strict set of security guidelines that employees choose to go rogue?
Journey In The World of The XSS: the mechanics behind Cross-Site Scripting vulnerabilities and attacks
How to detect the vulnerabilities used in XPS attacks by Francesco Perna
In this article we are going to illustrate how to detect and exploit the vulnerabilities behind this kind of attack over protocols different from HTTP, we will show how to use the network protocol analyzer and the packet manipulation software in order to detect and exploit the vulnerabilities. Feel free to use the tools you know best in order to apply these techniques during your work.
Session Hijakcing by Mirko Raimondi
In order to accomplish and explain these Wi-Fi techniques, the author has built an elementary test plant, which will be described in this section. The author uses a lap top device that has a Linux platform installed on; in particular the distro is currently the most used by Pen Tester, Kali. Moreover, the author needs to use network software for providing the 802.11x wireless. It will be the “Aircrack-ng” tool (which is used along with its utilities) and it belongs to the Pen Testing tools contained in Kali.