Linux Security Blog

How Hackers Work

Category: Penetration Testing

AppSec…

OWASP Security Shepherd – Failure To Restrict Access Solution – LSB

7 Sep 2018 / 7 Sep 2018
What is Failure to Restrict URL Access Vulnerability/Threat? Failure to restrict URL access occurs in applications that hide functionality from non-privileged users. In an application that fails to restrict URL access, administration…
AppSec…

AV evading with Veil

29 Aug 2018 / 22 Nov 2019
One of the most important issues any hacker must address is how to get past security devices and remain undetected. These can include antivirus software, intrusion detection systems, firewalls, web…
AppSec…

W3af walkthrough and tutorial

9 Aug 2018 / 9 Aug 2018
w3af (Web Application audit and attack framework) is a framework for auditing and exploitation of web applications. In this series of articles we will be looking at almost all the…
AppSec…

The Best Hacking Books 2018

25 Jul 2018 / 25 Jul 2018
BY HACKING TUTORIALS ON FEBRUARY 2, 2018 One of the most popular and most asked questions since I’ve started this blog is if I can recommend some good hacking books to read…
AppSec…

Python Scripting For The Ethical Hacker

21 Jun 2018 / 8 Sep 2019
Welcome back, my greenhorn hackers! I began this series on scripting a while back to teach all aspiring hackers how to write some basic scripts for hacking and reconnaissance. Without developing some basic scripting skills,…
AppSec…

Password cracking with John the Ripper

24 May 2018 / 10 Feb 2019
Introduction For those of you who haven't yet heard about John the Ripper (hereafter called John for brevity), it is a free password cracking tool written mostly in C. Before…
Cyber Security…

Build a Beginner Hacking Kit with the Raspberry Pi 3 Model B+

23 Apr 2018 / 6 Feb 2020
The Raspberry Pi is a perfect way to start. In 2018, the Raspberry Pi 3 Model B+ was released featuring a better CPU, Wi-Fi, Bluetooth, and Ethernet built in. Our recommended Kali Pi kit…
#Metasploit…

Metasploit | (Msfvenom)

24 Mar 2018 / 9 Nov 2019
Eluding and evading antivirus software and intrusion detection systems is one of the most critical tasks of the hacker. As soon as a new exploit is developed and discovered, the AV and IDS…
#career…

Enterprise IT & Linux System Administration Training

2 Feb 2018 / 6 Feb 2018
Introduction to Linux Linux powers 94% of the world’s supercomputers, most of the servers powering the Internet, the majority of financial trades worldwide and a billion Android devices. In short,…
#Metasploit…

Metasploit for the Aspiring Ethical Hacker, Part 3 (Payloads) – LSB

5 Dec 2017 / 6 Dec 2017
As you know, Metasploit is an exploitation framework that every hacker should be knowledgeable about and skilled at. It is one of my favorite hacking tools available. Let's take a closer look…
Attacks…

Metasploit for the Aspiring Ethical Hacker, Part 2

1 Dec 2017 / 29 Jan 2019
Part 1 is here: https://linuxsecurityblog.com/2016/03/01/metasploit-for-the-aspiring-ethical-hacker-part-1/ In this second tutorial, we will look at some of the basic commands we can use in Metasploit. Although the Metasploit framework can appear daunting to…
AppSec…

Exploiting CSRF under NoScript Conditions

22 Nov 2017 / 16 Mar 2019
CSRFs -- or Cross-Site Request Forgery vulnerabilities -- occur when a server accepts requests that can be “spoofed” from a site running on a different domain. The attack goes something like this:…
AppSec…

OWASP Security Shepherd – Security Misconfiguration – Solution – LSB

2 Nov 2017 / 12 Dec 2019
Welcome back to another OWASP Security Shepherd solution. This challenge is called Security Misconfiguration. So we are given a Username and Password field and we can get the result key…
Entertainment…

KRACKing WPA2

19 Oct 2017 / 19 Oct 2017
Our main attack is against the 4-way handshake of the WPA2 protocol. This handshake is executed when a client wants to join a protected Wi-Fi network, and is used to…
Exploits…

nmap to Map Your Network

28 Aug 2017 / 28 Aug 2017
It is certainly well known that "hacker tools" can be used for many legitimate purposes. Nmap, the Network Mapper and security scanner is no exception. These days, it is used…
AppSec…

Security Shepherd Solutions

20 Aug 2017 / 15 Oct 2018
The OWASP Security Shepherd project is a web and mobile application security training platform. Security Shepherd has been designed to foster and improve security awareness among a varied skill-set demographic.…
Education…

How To Use Netcat to Establish and Test TCP and UDP Connections

25 May 2016 / 2 Dec 2019
Introduction Linux is known for having a great number of mature, useful command line utilities available out of the box in most distributions. Skilled system administrators can do much of…
Android…

Resources for Rooting your Android Device

11 May 2016 / 25 Jun 2020
As Android matures, the wide-open style of root access we may have grown used to with legacy versions has gone away. Because Android is designed for mobile devices, the focus…
AppSec…

Pen Testing Web Browsers With BeEF

14 Mar 2016 / 28 Nov 2019
BeEF was developed by a group of developers led by Wade Alcorn. Built on the familiar Ruby on Rails platform, BeEF was developed to explore the vulnerabilities in browsers and…
#career…

SQLMap – Testing With SQL Injection

12 Mar 2016 / 8 Oct 2021
Sqlmap is included in pen testing Linux distros like Kali Linux, BackTrack, BackBox etc. On other distros it can be simply downloaded from the following URL: http://sqlmap.org/. Since it's written…
Penetration Testing

AuthMatrix for Burp Suite

4 Mar 2016 / 4 Mar 2016
AuthMatrix is a web authorisation testing tool built as an extension to Burp Suite that provides a simple way to test authorisation in web applications and web services. With AuthMatrix, testers…
#Metasploit…

Metasploit for the Aspiring Ethical Hacker, Part 1

1 Mar 2016 / 14 May 2019
Metasploit was developed by HD Moore as an open source project in 2003. Originally written in Perl, Metasploit was completely rewritten in Ruby in 2007. In 2009, it was purchased…
Cyber Security…

Turning Firefox Into a Pen Testing Tool

15 Feb 2016 / 18 Mar 2019
In this brief post, we are listing a few popular and interesting Firefox add-ons that are useful for penetration testers. These add-ons vary from information gathering tools to attacking tools.…
#career…

Sniffing Access Points and Mac Addresses Using Python

4 Feb 2016 / 25 Aug 2019
Well, once again it’s time to do something interesting using Python and reveal the power of Python programming. We will learn how to use a library in Python called Scapy.…
Attacks…

Examination of the vulnerabilities of the Cisco IOS

3 Oct 2015 / 29 Sep 2019
Cisco's IOS is multiplatform, so it runs on many different devices. It is compatible with file servers, routers, LAN and WAN switches, ATM switches, personal computers and hubs and any device that…
