Collaborate Disseminate
I run an instance of a log aggregation product in the cloud, installed on a VM. I’ve strictly configured it’s networking settings, internal firewall, internal port redirection, strong admin password, valid HTTPS certificate, etc. The web i… Continue reading Verifying the security of SAML SSO
Background
In practicing pentesting a VM on Vulnhub I encountered an issue that is quite interesting with Brainpan. After initial access with a limited shell generated from a BoF exploit on a service running on port 9999, I did some basic … Continue reading Bash – SUID Program’s Child Process did not inherit Parent Process UID as EUID
I really need some help here. I have been having some strange things happening lately and wasn’t sure if someone was doing a de-authentification attack or someone had managed to hack my network. So today, I decided to download Wireless Net… Continue reading Have I been hacked ? Please help guys
We are integrating our services with 3rd party companies (ie customers are able to buy the products of third party companies on our platform). These companies are asking us to provide to their security teams a penetration test.
Although we… Continue reading How to share penetration tests results + remediation plan to third party companies without exposing one’s self
Through out my 3-4 months of looking for a hacker for hire service, I have been wiser and I think it best shared as knowledge is power . These are my findings so far:
Never hire a hacker that is either eager for upfront or full payment be… Continue reading How Not to Hire a HACKER
I am running Kali linux 2020.3 on VBox on Windows 10. I put my wireless card AWUS036ACH chipset Realtek RTL8812AU in monitor mode using airmon-ng start wlan0 X (by x i mean the number of channel AP is operating on). I am trying to crack WE… Continue reading How to obtain PRGA file using aireplay-ng chopchop or fragmentation attack
DAST is short for dynamic application security testing whereas SAST is static application security testing.
SAST is white-box testing while DAST is black-box testing, meaning SAST can (does?) use more information.
DAST tools are not langu… Continue reading How do DAST and penetration testing compare?
I was running a series of test attacks on my virtual test machine.
Here i had to set the RHOST option to the Ip-address of the target and LHOST to the Ip-address
of my local machine. I am certain that this works well locally because both m… Continue reading Do I need port forwarding for msfconsole remote target exploitation
I am supposed to do a test for AWS. But since AWS has limitations, probably also in the direction of DDoS and other points, what does a corresponding test scenario look like?
It is about a Magento instance that is integrated on AWS.
Do you… Continue reading OWASP ZAP: How to Test on AWS + Magento? Which guidelines must be observed?
I want to learn & want to move to the cybersecurity field as a penetration tester. Will data structures and algorithms help me to be a Penetration Tester? How it can be use full for a penetration tester?
Continue reading Will data structures and algorithms help me to be a the Penetration tester?