Is it worth to study cybersecurity now?
I want to study pentest. But recently I read Cronus CyBot,Cymulate and PenTera, WPA3, WPA2-enterprice. That instruments destroys pentester work or make it impossible. So it is worth to me to learn it?
Category Archives: penetration-test
.local domain any possible ways in getting the extension
I was recently working on Broken link Hijacking and found a link in a target which reflected on multiple pages. It was portal.REDACTED.local which was not accessible and returned response as bad host.
So I never saw a extension that has .l… Continue reading .local domain any possible ways in getting the extension
Cybersecurity Tool Kit
The post Cybersecurity Tool Kit appeared first on Digital Defense, Inc..
The post Cybersecurity Tool Kit appeared first on Security Boulevard.
Continue reading Cybersecurity Tool Kit
Java – Ultra Light Client (ULC traffic inspection)
I’m working on security assessment of thick client application created using ULC. It is black box approach.
Based on wiki (wiki.c2.com): "Ultra Light Client (ULC) for Java is a widget set that enables a Swing Look and Feel for Servlet… Continue reading Java – Ultra Light Client (ULC traffic inspection)
Verifying the security of SAML SSO
I run an instance of a log aggregation product in the cloud, installed on a VM. I’ve strictly configured it’s networking settings, internal firewall, internal port redirection, strong admin password, valid HTTPS certificate, etc. The web i… Continue reading Verifying the security of SAML SSO
Bash – SUID Program’s Child Process did not inherit Parent Process UID as EUID
Background
In practicing pentesting a VM on Vulnhub I encountered an issue that is quite interesting with Brainpan. After initial access with a limited shell generated from a BoF exploit on a service running on port 9999, I did some basic … Continue reading Bash – SUID Program’s Child Process did not inherit Parent Process UID as EUID
Have I been hacked ? Please help guys
I really need some help here. I have been having some strange things happening lately and wasn’t sure if someone was doing a de-authentification attack or someone had managed to hack my network. So today, I decided to download Wireless Net… Continue reading Have I been hacked ? Please help guys
How to share penetration tests results + remediation plan to third party companies without exposing one’s self
We are integrating our services with 3rd party companies (ie customers are able to buy the products of third party companies on our platform). These companies are asking us to provide to their security teams a penetration test.
Although we… Continue reading How to share penetration tests results + remediation plan to third party companies without exposing one’s self
How Not to Hire a HACKER
Through out my 3-4 months of looking for a hacker for hire service, I have been wiser and I think it best shared as knowledge is power . These are my findings so far:
Never hire a hacker that is either eager for upfront or full payment be… Continue reading How Not to Hire a HACKER
How to obtain PRGA file using aireplay-ng chopchop or fragmentation attack
I am running Kali linux 2020.3 on VBox on Windows 10. I put my wireless card AWUS036ACH chipset Realtek RTL8812AU in monitor mode using airmon-ng start wlan0 X (by x i mean the number of channel AP is operating on). I am trying to crack WE… Continue reading How to obtain PRGA file using aireplay-ng chopchop or fragmentation attack