SQL injection is an attack to circumvent scripts using SQL queries, as is often the case on websites, and especially for user authentication systems. [#] Introduction – SQL, or Structured Query Language, is…
Read more
1) National Vulnerability Database https://nvd.nist.gov/ NVD i.e. National Vulnerability Database is a product of NIST (National Institute of Standards and Technology) Computer Security Division which is sponsored by DHS(Dept. of Homeland Security’s). The…
Read more
SEO (Search Engine Optimization) is the activity of optimizing Web pages or whole sites in order to make them more search engine friendly, thus getting higher positions in search results. SEO is sometimes…
Read more
The process of SEO has never been more important. Search engines, such as Google, Yahoo, and Bing, have developed an impressive ability to deliver relevant search results to a user’s queries. How well a site is ranked…
Read more
The below questions and answers are designed to both measure your understanding of the concepts of XSS -Cross Site Scripting Attacks and Prevention. Q1: What is the difference between HTML Injection and XSS?…
Read more
As a penetration tester there will be times that the client requirements will be to perform social engineering attacks against their own employees in order to test if they follow the policies and…
Read more
Port Scan is Often done by hackers and penetration testers to identifying and discovering internal services of target host. Port Scanning is an important action for gathering more information of the target host….
Read more
It’s difficult to talk about any system in a vacuum, especially a system that is so widely deployed in so many roles as Windows in all of its flavors. To see how easily…
Read more
WordPress is one of the world’s most popular content management systems! It has been installed more than 76.5 million times. According to a report issued by Sucuri, an Internet security company, WordPress is…
Read more
You can easily capture the handshake address with the help of Airodump through which we’ll monitor all the wireless stations and to deauthenticate the station, we’ll use Aireplay package which both are pre-installed…
Read more
This is a very detailed step by step tutorial on How to pentest a Remote PC (Windows 2000/2003 server) with Metasploit Framework. We’ve used Kali Linux 2017.1 and Windows 2000 server in a…
Read more
Once a web server and its services have been compromised, it is important to ensure that secure access can be maintained. This is usually accomplished with the aid of a web shell—a small program…
Read more
A Wi-Fi deauthentication attack is a type of denial-of-service attack that targets communication between a user and a Wi-Fi wireless access point. The final attack against wireless networks that we’ll evaluate is the…
Read more
ESSID(Extended Service Set Identifier) is the sequence of characters that uniquely identify a wireless local area network. Hiding the ESSID is a poor method of attempting to achieve security through obscurity; unfortunately, the…
Read more
Tor (www.torproject.org) is an open source implementation of the third generation onion routing that provides free access to an anonymous proxy network. Onion routing enables online anonymity by encrypting user traffic and then…
Read more
Kali Linux offers a number of customized tools designed for Penetration Testing. Tools are categorized in the following groups as seen in the drop-down menu shown in the following screenshot: Information Gathering: These…
Read more
Those of us who have conducted or participated in a penetration test will understand that tools are not the only thing necessary to successfully complete a PenTest. Methodologies are essential for ensuring that…
Read more
The following multiple-choice questions are just a Warm-up Questions for you which are as follows: 1. Why would a hacker use a proxy server? A. To create a stronger connection with the target….
Read more
Web Application Proxies like Burp Proxy, WebScarab or Tamper Data Addon allow a security tester to intercept the requests/responses between the client HTTP application and the web server. Proxies are the fundamental for…
Read more
Internet-facing systems are constantly in danger from a variety of threats. Of these threats is a DoS attack, which involves a single system, or a DDoS attack that involves many distributed systems, as both…
Read more
Nmap (Network Mapper) is a security scanner, originally written by Gordon Lyon used to discover hosts and services on a computer network, thus building a “map” of the network. Typical uses of Nmap:…
Read more