Kali Linux 2023.2 released: New tools, a pre-built Hyper-V image, a new audio stack, and more!

Offensive Security has released Kali Linux 2023.2, the latest version of its popular penetration testing and digital forensics platform. New tools in Kali Linux 2023.2: Aside from updates for existing tools, a new Kali version usually comes with new too…

Penetration tester develops AWS-based automated cracking rig

Building a custom cracking rig for research can be expensive, so penetration tester Max Ahartz built one on AWS. In this Help Net Security interview, he takes us through the process and unveils the details of his creation. What motivated you to underta…

Fresh perspectives needed to manage growing vulnerabilities

In its inaugural 2023 Offensive Security Vision Report, NetSPI unveils findings that highlight vulnerability trends across applications, cloud, and networks. Vulnerability patterns: The report offers a look back — and forward — at some of the most signi…

JavaScript Essentials for Beginning Pentesters

JavaScript is heavily used in almost all modern web applications. Knowing how to format a .js file, set breakpoints, and alter a script’s logic on the fly can be very helpful when working with web applications. To start, let’s navigate to a website and view the application’s resources. For our example, we are using the…

The post JavaScript Essentials for Beginning Pentesters appeared first on TrustedSec.

Walking the Tightrope: Maximizing Information Gathering while Avoiding Detection for Red Teams

Analyze the balance between gaining useful information and avoiding detection, detailing recon techniques that can be employed without compromising stealth. Rob Joyce, who at the time was Head of the NSA’s Tailored Access Operations group, had this great quote from a 2016 USENIX talk: “We put the time in to know that network. We put…

The post Walking the Tightrope: Maximizing Information Gathering while Avoiding Detection for Red Teams appeared first on TrustedSec.

Cross Site Smallish Scripting (XSSS)

Having small XSS payloads or ways to shorten your payloads ensures that even the smallest unencoded output on a site can still lead to account compromise. A typical image tag with an onerror attribute takes up around 35 characters by itself. <img src=1 onerror="alert('XSS')"> If you would like to prove you can steal credentials or…

The post Cross Site Smallish Scripting (XSSS) appeared first on TrustedSec.

Better Hacking Through Cracking: Know Your Rules

THIS POST WAS WRITTEN BY @NYXGEEK. Intro: Password recovery tool hashcat ships with a bunch of great rules, but have you actually looked at them? Being familiar with the built-in rules can help enhance your cracking capabilities and enable you to choose the right rule or rule combination. So where are these rules anyways?…

The post Better Hacking Through Cracking: Know Your Rules appeared first on TrustedSec.

On the Road to Detection Engineering

Introduction: People have asked numerous times on Twitter, LinkedIn, Discord, and Slack, “Leo, how do I get into Detection Engineering?” In this blog, I will highlight my unique experience, some learning resources you might want to get your hands on (all free or low cost), and extras that have helped me overall. I’m currently a…

The post On the Road to Detection Engineering appeared first on TrustedSec.

Cisco Hackery: TcL Proxy

Since moving to an offensive security role, I have always wanted to use SSH port forwarding through a Cisco router during a Penetration Test. However, the SSH implementation on a Cisco device does not provide the ability to customize the sshd_config file permitting port forwarding. Although there is the possibility of leveraging network address translation…

The post Cisco Hackery: TcL Proxy appeared first on TrustedSec.

Android Hacking for Beginners

1.1 Prerequisites: As discussed in the previous blog post, an Android emulator was set up for testing a mobile application. Some of the most common tools were configured to see the application’s environment details and start probing for potential flaws. If you followed my previous post, you should now have a lab set up with…

The post Android Hacking for Beginners appeared first on TrustedSec.
