AppSec… OWASP Security Shepherd- Session Management Challenge One – Solution – LSB 12 Oct 201812 Oct 2018 We have another solution in the OWASP Security Shepherd challenges and we enjoyed completing this one. You can find out about Session Management from OWASP here. So let's get on…
AppSec… Penetration Testing – Complete Guide 10 Oct 201810 Oct 2018 What is Penetration Testing? It’s the process to identify security vulnerabilities in an application by evaluating the system or network with various malicious techniques. The weak points of a system…
Attacks… The Evil Twin Attack 8 Oct 2018 By Matthew Cranford I searched through many guides, and none of them really gave good description of how to do this. There’s a lot of software out there (such as…
AppSec… OWASP Security Shepherd – Failure To Restrict Access Solution – LSB 27 Sep 201827 Sep 2018 Am I Vulnerable To 'Failure to Restrict URL Access'? The best way to find out if an application has failed to properly restrict URL access is to verify every page. Consider for…
AppSec… OWASP Security Shepherd – Insecure Cryptographic Storage Challenge 1 Solution – LSB 21 Sep 2018 Thanks for visiting and today we have another OWASP Security Shepherd Solution for you. This time it's the Insecure Cryptographic Storage Challenge. Cryptography is usually the safest way to communicate…
AppSec… Create a Back Door on DVWA with Kali, Netcat and Weevely – LSB 13 Sep 201821 Sep 2018 Welcome back my budding hackers. We hope you enjoy this security tutorial by our ethical hacker QuBits. Our network is below. We will be creating a backdoor in DVWA Command…
AppSec… OWASP Security Shepherd – Insecure Direct Object Reference Solution – LSB 10 Sep 2018 Welcome back to the Security Shepherd solutions from LSB. This was quite an interesting puzzle and it took a few tries to get the key. Insecure Direct Object Reference (called IDOR from here) occurs when…
AppSec… OWASP Security Shepherd – Failure To Restrict Access Solution – LSB 7 Sep 20187 Sep 2018 What is Failure to Restrict URL Access Vulnerability/Threat? Failure to restrict URL access occurs in applications hide functionality from non-privileged users. In an application that fails to restrict URL access, administration…
AppSec… AV evading with Veil 29 Aug 201822 Sep 2018 One of the most important issues any hacker must address is how to get past security devices and remain undetected. These can include antivirus software, intrusion detection systems, firewalls, web…
Android Security… How To Find And Delete Where Google Knows You’ve Been 14 Aug 201814 Aug 2018 Even if “Location History” is off on your phone, Google often still stores your precise location Here are some things you can do to delete those markers and keep your location…
AppSec… W3af walkthrough and tutorial 9 Aug 20189 Aug 2018 w3af (Web Application audit and attack framework) is a framework for auditing and exploitation of web applications. In this series of articles we will be looking at almost all the…
AppSec… The Best Hacking Books 2018 25 Jul 201825 Jul 2018 BY HACKING TUTORIALS ON FEBRUARY 2, 2018 One of the most popular and most asked questions since I’ve started this blog is if I can recommend some good hacking books to read…
AppSec… Honeyd Tutorial Part 1, Getting Started 25 Jun 201825 Jun 2018 This series of articles will focus on honeypots using an application called honeyd. There are a number of honeypot solutions out there but I personally feel like honeyd is a great…
AppSec… XSS in Canopy login page 21 Jun 201821 Jun 2018 [Description] CheckSec Canopy 3.x before 3.0.7 has stored XSS via the Login Page Disclaimer, allowing attacks by low-privileged users against higher-privileged users.This instance of stored cross-site scripting (XSS) vulnerability could…
Cyber Security… Kubernetes for Developers (LFD259) 17 Jun 201827 Jun 2018 Get advanced knowledge of application development using Kubernetes with training from The Linux Foundation! Kubernetes is a high-velocity open source orchestration tool to deploy, scale, and update containerized applications. This course…
Cloud Security… 10% Off Linux Programming & Development Training 27 May 2018 Promotion Details 10% Off any Linux Programming & Development Training courses Promo code: MEMORIAL10 Starts: May 28th at 12:00 AM Ends: May 28th at 11:59 PM Linux Memorial Day Sale…
AppSec… Stealing Signal Conversations from a MacBook 27 May 2018 Developed by Open Whisper Systems, Signal is a free, open-source encrypted communications app for both mobile and desktop devices that allows users to make voice calls, send instant messages, and even make…
AppSec… Password cracking with John the Ripper 24 May 201824 May 2018 Introduction For those of you who haven't yet heard about John the Ripper (hereby called John for brevity), it is a free password cracking tool written mostly in C. Before…
Crypto Currency… VOISE – Once in a generation the whole game changes 2 May 2018 VOISE is a blockchain powered anonymous decentralized platform with personalized token based on Ethereum's smart contract ecosystem for transactions. VOISE is an innovative cryptocurrency powered solution for the music industry…
#career… Hackers Handbook In PDF Format – Full 5 Apr 20185 Apr 2018 Whether you are a security professional, student or just curious about application security, there is an amazing resource online that you can read and is an essential tool in the…
Cyber Security… How Does Ransomware Work? 31 Mar 2018 May 12, 2017 / RYAN MURPHY Ransomware is similar to other malware in that it installs itself on a computer and runs in the background without the user’s knowledge. But unlike malware that hides and…
#Metasploit… Metasploit for the Aspiring Hacker | (Msfvenom) 24 Mar 2018 BY OCCUPYTHEWEB 01/12/2015 10:13 PM METASPLOIT BASICS Welcome back, my hacker novitiates! Eluding and evading antivirus software and intrusion detection systems is one of the most critical tasks of the hacker. As soon…
Cloud Security… 15% Off Enterprise IT & Linux System Admin 12 Feb 2018 Starting February 12, we’re offering 15% off any Enterprise IT & Linux System Administration Training courses. Check out the full details below: Promotion Details15% off any Enterprise IT & Linux…
#career… Enterprise IT & Linux System Administration Training 2 Feb 20186 Feb 2018 Introduction to Linux Linux powers 94% of the world’s supercomputers, most of the servers powering the Internet, the majority of financial trades worldwide and a billion Android devices. In short,…
Cyber Security… Removing Network Malware 1 Feb 20182 Feb 2018 To disinfect a local network of a malware outbreak, follow the step-by-step instructions below. 1. Quarantine the Network Disconnect the local network from the Internet immediately as a precautionary measure against further…
Attacks… Removing Chrome Adware 30 Jan 201830 Jan 2018 Here are couple of suggestions. When I mention commands, those are to be issued in command-line aka terminal , which you can access by pressing CtrlAltT Remove google-chrome related folders,…
#Metasploit… Metasploit for the Aspiring Hacker, Part 4 (Armitage) 13 Jan 201814 Jan 2018 Welcome back, my hacker novitiates! As you know by now, the Metasploit Framework is one of my favorite hacking tools. It is capable of embedding code into a remote system and controlling it, scanning…
Data Mining… How To Get Started In Trading Crypto Currency 4 Jan 20184 Jan 2018 As my readers probably know crypto currency is taking over the World. Even banks are getting in on it now. I'd like to share some decent advice to my followers…
AppSec… Spamming Facebook Messages 3 Jan 201811 Apr 2018 We have reported this bug to Facebook and they replied asking "How is this different than hitting the message button?" If you want to spam everyone in the World that…
Cryptography… GPG on Linux 9 Dec 2017 1 Introduction Encryption is the process of encoding messages or information in such a way that only authorized parties can read them. With almost no privacy in this digital generation…
#Metasploit… Metasploit for the Aspiring Ethical Hacker, Part 3 (Payloads) – LSB 5 Dec 20176 Dec 2017 As you know, Metasploit is an exploitation framework that every hacker should be knowledgeable of and skilled at. It is one of my favorite hacking tools available. Let's take a closer look…
Attacks… Metasploit for the Aspiring Ethical Hacker, Part 2 1 Dec 20171 Dec 2017 Part 1 is here: https://linuxsecurityblog.com/2016/03/01/metasploit-for-the-aspiring-ethical-hacker-part-1/ In this second tutorial, we will look at some of the basic commands we can use in Metasploit. Although the Metasploit framework can appear daunting to…
Cyber Security… Linux Log Files | LSB 1 Dec 20174 Dec 2017 I am a new Linux user. I would like to know where are the log files located under Debian/Ubuntu or CentOS/RHEL/Fedora Linux server? How do I open or view log…
#career… Security and Linux 30 Nov 201730 Nov 2017 As Linux users we have some inherent advantages over our fellow Windows users when it comes to security (or lack there of). Hackers, rather like gamblers, use the laws of…
Attacks… Hackers can bypass new protections in MacOS High Sierra 29 Nov 201729 Nov 2017 MacOS High Sierra protections can be bypassed, but will make security researchers and companies work more difficult Hackers can bypass a new security feature in MacOS High Sierra to load…
Cyber Security… Create an effective business continuity plan 25 Nov 2017 A business continuity plan outlines procedures and instructions an organization must follow in the face of disaster, whether fire, flood or cyberattack. Here's how to create one that gives your…
AppSec… Exploiting CSRF under NoScript Conditions 22 Nov 201722 Nov 2017 CSRFs -- or Cross-Site Request Forgery vulnerabilities -- occur when a server accepts requests that can be “spoofed” from a site running on a different domain. The attack goes something like this:…
#career… Black Friday Deals – LSB 22 Nov 201729 Nov 2017 Because we are such good people here at LSB, we like to treat our followers to some fantastic deals that we are offered. So we present them to you. The Linux…
Bugs… Amazon Key Lets Delivery People into Your House and It Just Got Hacked 16 Nov 201716 Nov 2017 A hardware safeguard in Amazon’s recently launched while-you’re-out delivery service turns out to have a big hole. And, well—let’s just say you probably should have seen this coming. Amazon Key uses a smart…
Attacks… Set up a Honeypot on AWS 8 Nov 20178 Nov 2017 If you’re aspiring to become a professional in the field of computer security, wish to understand further the current threat landscape or simply want to have a play around with…
Attacks… WAFNinja – Web Application Firewall Attack Tool 7 Nov 20177 Nov 2017 WAFNinja is a Python-based Web Application Firewall Attack Tool designed to help penetration testers execute WAF bypass by automating the steps necessary to bypass input validation. The tool was created…
AppSec… OWASP Security Shepherd – Security Misconfiguration – Solution – LSB 2 Nov 20173 Nov 2017 Welcome back to another OWASP Security Shepherd solution. This challenge is called Security Misconfiguration. So we are given a Username and Password field and we can get the result key…
AppSec… Owasp Security Shepherd – Poor Data Validation – Solution – LSB 8 Sep 20171 Aug 2018 Welcome hackers to a new OWASP Security Shepherd solution. The challenge in question is the Poor Data Validation and this happens when data is only checked on the client side.…
AppSec… How to Hijack Web Browsers Using BeEF 28 Aug 20177 Nov 2017 Welcome back my fellow hackers! Today we’re going to be introducing a new tool for hacking web browsers. Often times, we will need to exploit a variety of vulnerabilities associated…
Exploits… nmap to Map Your Network 28 Aug 201728 Aug 2017 It is certainly well known that "hacker tools" can be used for many legitimate purposes. Nmap, the Network Mapper and security scanner is no exception. These days, it is used…
AppSec… Security Shepherd Solutions 20 Aug 201715 Oct 2018 The OWASP Security Shepherd project is a web and mobile application security training platform. Security Shepherd has been designed to foster and improve security awareness among a varied skill-set demographic.…
Attacks… Malware Types Explained 15 Aug 201715 Aug 2017 In this article we will be looking at the different kinds of malware and what they do. When performing static or dynamic malware analysis it is crucial to have a…
Security… Edward Snowden Divulges the Easiest Ways to Protect Yourself Online 15 Aug 20177 Nov 2017 In a recent interview with The Intercept, Edward Snowden offered some advice for what average citizens can do to reclaim their privacy. Because the sharing of information should be a…
Android Security… How the CopyCat malware infected Android devices around the world 7 Jul 20177 Jul 2017 Check Point researchers identified a mobile malware that infected 14 million Android devices, rooting approximately 8 million of them, and earning the hackers behind the campaign approximately $1.5 million in…
Attacks… Using Appcache and ServiceWorker for Evil 7 Jun 20177 Jun 2017 You’re a bad guy and you just hacked a website. Normally you leak the database and leave. The owner fixes everything next day and removes your backdoor. With Middlekit techniques…
Security… Configuring MySQL Securely 26 May 201726 May 2017 Learning how to secure your database and servers has never been more important. Read on for tips on how to secure your MySQL server. In some cases, we might have…
