Kali Linux 2022.3 released: Packages for test labs, new tools, and a community Discord server

Offensive Security has released Kali Linux 2022.3, the latest version of its popular penetration testing and digital forensics platform. Packaged apps to set up test labs: The Kali Team knows the importance of practicing instead of relying on theory, an…

Vulnerability scanning vs penetration testing: What’s the difference?

If you’ve ever got stuck while trying to wrap your head around the differences between penetration testing and vulnerability scanning, read through to get the perfect breakdown.

The top benefits of getting CompTIA Network+ certification

By Owais Sultan
The Computer Technology Industry Association is known as CompTIA. Over 2,000 member groups and 3,000 business partners make…
This is a post from HackRead.com.

The past, present and future of Metasploit

Metasploit is the most used penetration testing framework. In this Help Net Security video, Spencer McIntyre, Lead Security Researcher at Rapid7, talks about how Metasploit enables defenders to always stay one step (or two) ahead of the game, and offer…

How adversaries are leveraging pentesting tools to launch attacks

In this Help Net Security video, Tony Lambert, Senior Malware Analyst at Red Canary, talks about how adversaries’ favorite tools are legitimate tools that are used for malicious purposes.

Linode + Kali Linux: Added security for cloud instances

Kali Linux, the popular open source Linux distribution specialized for penetration testing, ethical hacking and security auditing, can now be used by Linode customers. Getting Kali Linux on Linode: The infrastructure-as-a-service (IaaS) platform provide…

Scraping Login Credentials With XSS

Unauthenticated JavaScript Fun: In prior blog posts I’ve shown the types of weaponized XSS attacks one can perform against authenticated users, using their session to access and exfiltrate data, or perform actions in the application as that user. But what if you only have unauthenticated XSS? Perhaps your client hasn’t provided you with credentials to…

The post Scraping Login Credentials With XSS appeared first on TrustedSec.

A Diamond in the Ruff

This blog post was co-authored with Charlie Clark at Semperis. 1.1 Background of the ‘Diamond’ Attack: One day, while browsing YouTube, we came across an older presentation from Blackhat 2015 by Tal Be’ery and Michael Cherny. In their talk, and subsequent brief, WATCHING THE WATCHDOG: PROTECTING KERBEROS AUTHENTICATION WITH NETWORK MONITORING, they outlined something we…

The post A Diamond in the Ruff appeared first on TrustedSec.

Mind the gap: How to ensure your vulnerability detection methods are up to scratch

With global cyber crime costs expected to reach $10.5 trillion annually by 2025, it comes as little surprise that the risk of attack is companies’ biggest concern globally. To help businesses uncover and fix the vulnerabilities and misconfigurations af…

Once is never enough: The need for continuous penetration testing

If you Google “How often should I do penetration testing?”, the first answer that pops up is “once a year.” Indeed, even industry-leading standards like PCI-DSS dictate that external penetration testing be conducted annually (or after significant chang…