information gathering – WindowsTechs.com

CTF or Bug Bounty info gathering workflows [closed]

Posted on April 10, 2024 by AtomicFlee

What is the best way to get more information from the information-gathering stages/ reconnaissance when trying CTFs? Is there any workflow for a new cybersecurity student who knows some programming?
for example consider against virtual mac… Continue reading CTF or Bug Bounty info gathering workflows [closed]→

How to classify devices as different assets? [closed]

Posted on February 1, 2024 by Moad Ennagi

I’m working on integrating some scanners into one of our solutions. I need to be able to tell if a device is a:

desktop computer (in the sense of a computer used with an OS offering some GUI),
a server used as infrastructure,
a mobile dev… Continue reading How to classify devices as different assets? [closed]→

How can I pen test my .php website that I host on my local machine?

Posted on January 12, 2024 by can kaygısız

Pen testing my own .php website
Well, I’ve made some kind of forum type website where you can share posts comments and information. There is a login panel (/index.php) at first and it’s already secure enough to block users from entering &q… Continue reading How can I pen test my .php website that I host on my local machine?→

Trans canada grain agency limited stock certificate 1930 [closed]

Posted on November 21, 2023 by Jason Bishop

Please help me. Trans canada grain agency limited stock 1933 may

Continue reading Trans canada grain agency limited stock certificate 1930 [closed]→

Advice on more in depth web app info gathering phase

Posted on October 2, 2023 by XyronZ

I am a junior pentester currently working for a secure messaging app that includes a webclient. Only the subdomain is in scope and other subdomains are off-limits. Social engineering is also off limits as this is a staging server that mimi… Continue reading Advice on more in depth web app info gathering phase→

How do hackers find the ip address of router or networks they want to hack? [duplicate]

Posted on May 15, 2023 by EskimoJones

I’ve heard news of hackers in different countries being able to infiltrate networks in other countries. What I’m wondering is how these hackers find the ip addresses (without the use of phishing) of the routers, networks, or devices they w… Continue reading How do hackers find the ip address of router or networks they want to hack? [duplicate]→

How far can we go with deserialization vulnerabilities

Posted on December 31, 2022 by Galatic_1

I recently start to learning some Ethical Hacking, to do pentesting, and i was looking for some advices from the community and some techniques in "deserialization vulnerabilities" on web applications.

Continue reading How far can we go with deserialization vulnerabilities→

Is having the name of web server software in HTTP response header a serious problem?

Posted on October 25, 2022 by cipisek

How serious a security problem is it to have the name of the web server in the HTTP header (Apache, Nginx etc.)?
I am discussing this with a system administrator and he told me that deleting version is easy, but deleting the name of the se… Continue reading Is having the name of web server software in HTTP response header a serious problem?→

I gave my first name and alt email to someone I don’t know, will that reveal who I am?

Posted on July 29, 2022 by KeyMeerkat

So, I wanted to get this game (to try it as it had no demo), so I went to a website, did not click on anything except the link to the Google drive folder, and then stupidly requested access to a Google Drive folder using my alt Google acco… Continue reading I gave my first name and alt email to someone I don’t know, will that reveal who I am?→

whois, nslookup, recon-ng are Active or Passive recon? [closed]

Posted on June 23, 2022 by Private_eye_1412

Is whois, nslookup, recon-ng a form of Active reconnaissance or Passive reconnaissance?

Continue reading whois, nslookup, recon-ng are Active or Passive recon? [closed]→