Collaborate Disseminate
I want to make a rule set to try all possible combinations of upper and lower case letters in a wordlist, let’s say the wordlist contains password , after applying the rule, john will try paSswOrd , PasswoRd , passWord and so on.. all poss… Continue reading john the ripper custom rules
What on-premises services or open-source tools do you use for gathering findings and putting it into a pdf-generated format?
I’m willing to stop using Word/Open Office for those purposes because it is really unhandy as pentest report gener… Continue reading Best tool for penetration test report generation [closed]
I am currently working on an assignment paper that asks how each type of fuzzing would work and in what use case they would be used.
I defined Feedback as a tool that would throw inputs which would deviate and check to see if those deviate… Continue reading In what use case would Mutational and Feedback fuzzing be used in?
I’ve stumbled across an article about pentest standards and among others there was one called Information System Security Assessment Framework (ISSAF) which attracted my attention. Maybe someone can bring me more information on this stand… Continue reading Information System Security Assessment Framework (ISSAF) out of date?
If a company doesn’t explicitly state that a tool or technique is out of scope, does that mean it’s okay to use that tool or technique?
I encrypted my Ubuntu Desktop 20.04.3 with LVM/LUKS during the installation process. If I turn off the computer, is the brute force the only attack available for getting the password and accessing the files? I think it doesn’t encrypt the … Continue reading Full disk encryption with LUKS?
A bounty hunter reached out to us to give us information about a security vulnerability in our company’s information systems. In our estimation, the risk of exploitation for this vulnerability is rather small, but nevertheless, we apprecia… Continue reading Anonymous unasked bounty hunter wants bounty for found issues
I created a basic website that includes a login and signup system. The website uses a mySQL server as the backend to store login information. I want to use Kali Linux to perform a white box test on it as a project for class.
Is this even p… Continue reading Can you perform a penetration test on a web application that is running on local host and using an XAMPP server? [closed]
I need to prepare my web app for a penetration test. The scenario is: If one of our windows users is hacked, what can the hacker do to my app and my database?
I have a virtual machine on our server, which holds a SQL Server Express and a d… Continue reading How to secure a SQL Server database (windows auth) against a network windows user (penetration test)
I work in a security/pentesting company and in the last year the demand for DDoS testing has dramatically increased. The issue is that the customer is not interested in what I call a mislabeled load test, but wants us to test the reaction … Continue reading How to test the reaction of an outsourced DDoS protection provider to a DDoS attack, similar to a red teaming engagement?