pentesting – Page 9 – WindowsTechs.com

Sensitive Data Discovery in Email with MailSniper – Tradecraft Security Weekly #11

Posted on July 21, 2017 by Paul Asadoorian

The post Sensitive Data Discovery in Email with MailSniper – Tradecraft Security Weekly #11 appeared first on Security Weekly.

Continue reading Sensitive Data Discovery in Email with MailSniper – Tradecraft Security Weekly #11→

Situational Awareness with HostRecon – Tradecraft Security Weekly #7

Posted on June 21, 2017 by Paul Asadoorian

After exploiting a system on a remote & unfamiliar network it is extremely important to gain situational awareness as quickly, and quietly as possible. This will help ensure success moving forward with other attacks. In this episode of Tradecraft Security Weekly Beau Bullock (@dafthack) will show how to use PowerShell to query information about the […] Continue reading Situational Awareness with HostRecon – Tradecraft Security Weekly #7→

[SANS ISC] HTTP Headers… the Achilles’ heel of many applications

Posted on May 5, 2017 by Xavier

I published the following diary on isc.sans.org: “HTTP Headers… the Achilles’ heel of many applications“. When browsing a target web application, a pentester is looking for all “entry” or “injection” points present in the pages. Everybody knows that a static website with pure HTML code is less juicy compared to a

[The post [SANS ISC] HTTP Headers… the Achilles’ heel of many applications has been first published on /dev/random]

Continue reading [SANS ISC] HTTP Headers… the Achilles’ heel of many applications→

Andrew Macpherson on Intelligence Gathering with Maltego

Posted on January 17, 2017 by Chris Brook

Operations Manager at Paterva Andrew Macpherson outlines the details of the “Digital Intelligence Gathering using Maltego” course being offered at SAS 2017. Continue reading Andrew Macpherson on Intelligence Gathering with Maltego→

Andrew Macpherson on Intelligence Gathering with Maltego

Posted on January 17, 2017 by Chris Brook

[SANS ISC Diary] SNMP Pwn3ge

Posted on September 29, 2016 by Xavier

I published the following diary on isc.sans.org: “SNMP Pwn3ge“. Sometimes getting access to company assets is very complicated. Sometimes it is much easier (read: too easy) than expected. If one of the goals of a pentester is to get juicy information about the target, preventing the IT infrastructure to run

[The post [SANS ISC Diary] SNMP Pwn3ge has been first published on /dev/random]

Continue reading [SANS ISC Diary] SNMP Pwn3ge→

OIG Report Finds Vulnerabilities in Medicaid Services Agency

Posted on August 18, 2016 by Chris Brook

Vulnerabilities in Centers for Medicare & Medicaid Services could result in the disclosure of personally identifiable information and the “disruption of critical operations,” a government watchdog warned this week. Continue reading OIG Report Finds Vulnerabilities in Medicaid Services Agency→

Threatpost News Wrap, May 20, 2016

Posted on May 20, 2016 by Chris Brook

Mike Mimoso and Chris Brook discuss the news of the week, including a big LinkedIn breach, TeslaCrypt closing up shop, and a breakthrough in random number generation. The two also recap this week’s Source Conference in Boston.
Continue reading Threatpost News Wrap, May 20, 2016→