AppSec… OWASP Security Shepherd – SQL Injection Solution – LSB 15 Sep 2018 A SQL injection attack consists of insertion or "injection" of a SQL query via the input data from the client to the application. A successful SQL injection exploit can read sensitive data…
AppSec… Create a Back Door on DVWA with Kali, Netcat and Weevely – LSB 13 Sep 201814 Sep 2018 Welcome back my budding hackers. We hope you enjoy this security tutorial by our ethical hacker QuBits. Our network is below. We will be creating a backdoor in DVWA Command…
AppSec… OWASP Security Shepherd – Cross Site Scripting One Solution – LSB 12 Sep 201812 Sep 2018 Welcome back to LSB my budding hackers. Today's lesson is about Cross Site Scripting (Or XSS). Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected…
AppSec… OWASP Security Shepherd – Insecure Direct Object Reference Solution – LSB 10 Sep 2018 Welcome back to the Security Shepherd solutions from LSB. This was quite an interesting puzzle and it took a few tries to get the key. Insecure Direct Object Reference (called IDOR from here) occurs when…
AppSec… OWASP Security Shepherd – Failure To Restrict Access Solution – LSB 7 Sep 20187 Sep 2018 What is Failure to Restrict URL Access Vulnerability/Threat? Failure to restrict URL access occurs in applications hide functionality from non-privileged users. In an application that fails to restrict URL access, administration…
AppSec… AV evading with Veil 29 Aug 201830 Aug 2018 One of the most important issues any hacker must address is how to get past security devices and remain undetected. These can include antivirus software, intrusion detection systems, firewalls, web…
AppSec… W3af walkthrough and tutorial 9 Aug 20189 Aug 2018 w3af (Web Application audit and attack framework) is a framework for auditing and exploitation of web applications. In this series of articles we will be looking at almost all the…
AppSec… The Best Hacking Books 2018 25 Jul 201825 Jul 2018 BY HACKING TUTORIALS ON FEBRUARY 2, 2018 One of the most popular and most asked questions since I’ve started this blog is if I can recommend some good hacking books to read…
AppSec… Python Scripting For The Ethical Hacker 21 Jun 2018 Welcome back, my greenhorn hackers! I began this series on scripting awhile back to teach all aspiring hackers how to write some basic scripts for hacking and reconnaissance. Without developing some basic scripting…
AppSec… Password cracking with John the Ripper 24 May 201824 May 2018 Introduction For those of you who haven't yet heard about John the Ripper (hereby called John for brevity), it is a free password cracking tool written mostly in C. Before…
#career… Hackers Handbook In PDF Format – Full 5 Apr 20185 Apr 2018 Whether you are a security professional, student or just curious about application security, there is an amazing resource online that you can read and is an essential tool in the…
#Metasploit… Metasploit for the Aspiring Hacker | (Msfvenom) 24 Mar 2018 BY OCCUPYTHEWEB 01/12/2015 10:13 PM METASPLOIT BASICS Welcome back, my hacker novitiates! Eluding and evading antivirus software and intrusion detection systems is one of the most critical tasks of the hacker. As soon…
#career… Enterprise IT & Linux System Administration Training 2 Feb 20186 Feb 2018 Introduction to Linux Linux powers 94% of the world’s supercomputers, most of the servers powering the Internet, the majority of financial trades worldwide and a billion Android devices. In short,…
#Metasploit… Metasploit for the Aspiring Hacker, Part 4 (Armitage) 13 Jan 201814 Jan 2018 Welcome back, my hacker novitiates! As you know by now, the Metasploit Framework is one of my favorite hacking tools. It is capable of embedding code into a remote system and controlling it, scanning…
#Metasploit… Metasploit for the Aspiring Ethical Hacker, Part 3 (Payloads) – LSB 5 Dec 20176 Dec 2017 As you know, Metasploit is an exploitation framework that every hacker should be knowledgeable of and skilled at. It is one of my favorite hacking tools available. Let's take a closer look…
Attacks… Metasploit for the Aspiring Ethical Hacker, Part 2 1 Dec 20171 Dec 2017 Part 1 is here: https://linuxsecurityblog.com/2016/03/01/metasploit-for-the-aspiring-ethical-hacker-part-1/ In this second tutorial, we will look at some of the basic commands we can use in Metasploit. Although the Metasploit framework can appear daunting to…
AppSec… Exploiting CSRF under NoScript Conditions 22 Nov 201722 Nov 2017 CSRFs -- or Cross-Site Request Forgery vulnerabilities -- occur when a server accepts requests that can be “spoofed” from a site running on a different domain. The attack goes something like this:…
AppSec… OWASP Security Shepherd – Security Misconfiguration – Solution – LSB 2 Nov 20173 Nov 2017 Welcome back to another OWASP Security Shepherd solution. This challenge is called Security Misconfiguration. So we are given a Username and Password field and we can get the result key…
Entertainment… KRACKing WPA2 19 Oct 201719 Oct 2017 Our main attack is against the 4-way handshake of the WPA2 protocol. This handshake is executed when a client wants to join a protected Wi-Fi network, and is used to…
Exploits… nmap to Map Your Network 28 Aug 201728 Aug 2017 It is certainly well known that "hacker tools" can be used for many legitimate purposes. Nmap, the Network Mapper and security scanner is no exception. These days, it is used…
AppSec… Security Shepherd Solutions 20 Aug 201728 Aug 2017 The OWASP Security Shepherd project is a web and mobile application security training platform. Security Shepherd has been designed to foster and improve security awareness among a varied skill-set demographic.…
Penetration Testing AuthMatrix for Burp Suite 4 Mar 20164 Mar 2016 AuthMatrix a web authorisation testing tool built as an extension to Burp Suite that provides a simple way to test authorisation in web applications and web services. With AuthMatrix, testers…
