On July 15th, 2020, some famous personalities started promoting a “Cryptocurrency scheme” through the Twitter platform. … [Read More...]
Featured Articles
How-To KVM and virt-manager to set up a Pentesting Lab on Debian
You may have already read our other articles, such as our Kali Linux VirtualBox Pentest Lab, which details how you can … [Read More...]
How To Take The Headache Out of Powershell
PowerShell is to Windows, what a terminal is to Linux. It’s a powerful automation and scripting tool that comes … [Read More...]
Latest Blog Updates
Loading...Insider Threats – Are They a Bigger Risk?
On July 15th, 2020, some famous personalities started promoting a “Cryptocurrency scheme” through the Twitter platform. The offer was to deposit Bitcoins to the specified accounts and get paid back in double. The scheme appealed many before it was busted by the security personnel at Twitter. Later, it was revealed that hackers managed to take control of Twitter accounts of some famous politicians and celebrities including EX-USA President Barack Obama, former vice president Joe Biden and CEOs of Amazon and Tesla companies. Although the hackers focused on stealing money through impersonation attack strategy, it … [Read More...]
What is all the fuss about F5 BIG-IP CVE-2020-5902
In a recent security update, the F5 networking equipment has been found vulnerable to Remote Code Execution (RCE) attack. The company provides a series of networking equipment collectively called BIG-IP devices. These devices are used as load balancers for servers handling requests for various applications. The affected BIG-IP devices include the following IP ranges. 11.6.1-11.6.5.1 12.1.0-12.1.5.1 13.1.0-13.1.3.3 14.1.0-14.1.2.5 15.0.0-15.1.0.3 According to the Common Vulnerability Scoring System (CVSS), the CVE-2020-5902 has a severity index of 10/10. To understand the vulnerability, we need to grasp … [Read More...]
How to Automate Web Reconnaissance Using Python Scripts
Reconnaissance is an important phase in penetration testing. The gathered information not only helps in unfolding vulnerabilities in target hosts but also sets a direction for the rest of the penetration testing cycle. This tutorial shows two quick ways of automating web reconnaissance with greater accuracy. FinalRecon is an open-source intelligence tool used for web-based reconnaissance projects. The tool can automatically detect and collect useful information about target domains. The tool has a modular structure with the following expandable reconnaissance features. WHOIS Information Header … [Read More...]
Auditing Servers and Web Applications Using Tishna Framework
Tishna is a Web penetration testing framework that has a number of open-source web auditing and information gathering modules to automate the penetration testing process. The current version of the framework has 62 scripts and payload options. The available scripts can be used to find some high-risk security issues including the following vulnerabilities. Cross Site Scripting (XSS) SQL injection Cross Site Request Forgery (CSRF) Server Side Request Forgery (SSRF) Cache poisoning Header injection XXE injection (blind, encoded, responsive) XML RPC vulnerabilities Cookies stealing … [Read More...]
How to Perform Black-box Security Testing with Jok3r Framework?
Jok3r is a web + network security assessment framework capable of automating many penetration testing tasks. The framework identifies network and web vulnerabilities and exploits the security flaws where possible. Jok3r performs these tasks by rendering the functionalities of integrated open-source penetration testing tools and scripts. The penetration results are stored in a database that can be accessed through an interactive shell. Network Security Assessment Jok3r has a number of network security assessment features, such as reconnaissance, vulnerabilities scanning, CVE lookup, and brute-forcing Product … [Read More...]
Like Us On Facebook
Become a Member
