penetration-test – Page 14 – WindowsTechs.com

How is Lateral Movement different from Pivoting?

Posted on July 16, 2021 by Muath

All i know is both of them use techniques to move from system to system

Continue reading How is Lateral Movement different from Pivoting?→

How to perform external network scans that will not cause DoS?

Posted on July 15, 2021 by Rohit

What are some tools or techniques that could be used in external network penetration testing to perform safe scans only that are designed to cause no DoS (Denial of Service) or other interruptions? Or what points should one have in mind?
T… Continue reading How to perform external network scans that will not cause DoS?→

Generating reports for penetration testing [closed]

Posted on July 15, 2021 by Rohit

How are findings from a penetration testing reported? Are there any websites
or resources providing penetration testing reports mostly from academic point of view

Continue reading Generating reports for penetration testing [closed]→

Why do we only pentest SMTP when pentesting an email server?

Posted on July 9, 2021 by user75058

I have just started learning "penetration testing" and I have been tasked to do black-box penetration testing of an email server.
So the query I wrote on Google was "email server pentesting checklist", so that I could f… Continue reading Why do we only pentest SMTP when pentesting an email server?→

How to pentest oAuth2/oidc clients

Posted on July 9, 2021 by rdmueller

imagine the following problem:
As a developer, I would like to check if my oAuth2 or OpenID Connect client is really secure.
I would like to check if it validates the JWT signature, uses the nonce etc.
While I can do these tests all manual… Continue reading How to pentest oAuth2/oidc clients→

Ruby on Rails, unrestricted file upload, RCE

Posted on July 8, 2021 by momola

I’m doing testing on Ruby on Rails application, not familiar with it at all.
During my testing I have discovered unrestricted file upload (without possibiltiy to manipulate path).
I have tested uploading many extensions to gain Remote Code… Continue reading Ruby on Rails, unrestricted file upload, RCE→

Tips on performing a web penetration testing on a static website

Posted on July 7, 2021 by new-to-networking

No idea where to begin, I would like to ask for tips, direction and approaches when it comes to performing such a web testing.
Source code analysis is not within scope for this test. I intend to run scanning tools (nmap, nikto, etc) on the… Continue reading Tips on performing a web penetration testing on a static website→

Good Web Hacking Books? [closed]

Posted on July 1, 2021 by LoneWolf47

I have trying to learn Web – App Hacking but struggling b/w books . So far , I have read
Web Application Hacker’s Handbook by Marcus Pinto.
Nice Book but I can’t do the practical .. I know about the PortSwigger Labs . But That Requires An … Continue reading Good Web Hacking Books? [closed]→

The Business Value of the Social-Engineer Phishing Service

Posted on June 18, 2021 by Social-Engineer

Phishing attacks continue to plague organizations across the globe with great success, but why? Cybercriminals are targeting the human element of organizations. Additionally, they are developing techniques to use an…
The post The Business Value of t… Continue reading The Business Value of the Social-Engineer Phishing Service→

CSRF attack when form data isn’t parsed

Posted on June 17, 2021 by Dashiell Rose Bark-Huss

How can you do a CRSF attack on express if it only accepts JSON?
Sample Node app:
const express = require(‘express’);

const app = express();

app.use(express.json());

app.post(‘/item’, (req, res, next) => {
console.log(‘posting i… Continue reading CSRF attack when form data isn’t parsed→