How and Why Your Business Should Conduct Cybersecurity audit

As companies accept new digital technologies, the possibility of being targeted by cyber-attacks increases. Increasing network complication through digital innovation often makes unique network differences that cyber attackers can take advantage of. If left unchecked, these risks may weaken the goals of your association. Therefore, companies must implement an effective cybersecurity plan. Managing cybersecurity audits […]


HTTP PUT Method Exploitation with Put2Win (Meterpreter Shell)

From previous article, we came across to different actions performed by HTTP methods where we had described the role of PUT method which allow client to upload a file on server with different ways i.e with Netcat, with Nmap, with BurpSuite, with Curl, with Quickput, with Cadaver and with Metasploit Framework. Testing Environment Setup –  […]

Tech Articles

Handy MySQL Commands – Cheatsheet 2018

Designing the database is a key step, largely because changes to the database at a later date have far larger implications and potential complications than changing any other aspect of the site. Adding functionality through database changes is a steep challenge and fixing database flaws is excruciating, so make every effort you can to get the database design right […]


Send Fake Mail using SETOOLKIT [Kali Linux]

The information security environment has changed vastly over the years. Now, in spite of having security policies, compliance, and infrastructure security elements such as firewalls, IDS/IPS, proxies, and honey pots deployed inside every organization, we hear news about how hackers compromise secured facilities of the government or of private organizations because of the human element involved in each […]


Host Header Attack – Practical Exploitation and Prevention

The “HOST” header is part of the http protocol, vulnerable applications are vulnerable because they insert the value of this header into the application code without proper validation, this means not only applications hosted on Apache/Nginx can be vulnerable. For Host Header Attack Exploitation, basically there are two ways through which you can exploit the […]

Tech Articles

19 Most Useful Plugins for Burp Suite [Penetration Testing]

Burp Suite is an intercepting HTTP Proxy, and it is the defacto tool for performing web application security testing.  Burp is highly functional and provides an intuitive and user-friendly interface. Its proxy function allows configuration of very fine-grained interception rules, and clear analysis of HTTP messages structure and contents. The proxy can also be configured to perform […]


Bypass Invite Registration

Hack The Box is an online platform allowing you to test your penetration testing skills and exchange ideas and methodologies with other members of similar interests. It contains several challenges that are constantly updated. Some of them simulating real world scenarios and some of them leaning more towards a CTF style of challenge. HackTheBox  currently […]


Metasploitable3 Full Installation on Windows – Detailed Guide 2018

The Metasploitable machines are those vulnerable machines, designed by Rapid7 Company for training offensive security skills and testing exploits. To install Metasploitable3 on windows is not easy as Metasploitable2 installation, here you need to craft the virtual image itself with the help of vagrant and Packer tools which generally used to create virtual development environments. […]


HTTP PUT Method Exploitation – Live Penetration Testing

In this article, we’ll be exploiting the HTTP PUT method vulnerability on one of the Metasploitable2 webserver through which you can easily upload any malicious file onto the server and can gain the access of the whole webserver in meterpreter shell. In last article, we’ve already learnt that how to Test HTTP Methods with Curl, […]


Best 16 Penetration Testing Books – 2018 Update

A penetration test is very different and much more intrusive than a simple vulnerability analysis. It consists mainly of furthering the vulnerability analysis by exploiting the vulnerabilities discovered during the latter. Unmistakably, the penetration test determines the organization’s real business risks in order to mitigate them as quickly and efficiently as possible. One of its […]

Tech Articles

Top 10 Penetration Testing Distributions – 2018 Update

For those who are interested in learning how to do Penetration Testing, there are many tools and operating  systems are available, but very few targets to practice against safely – not to mention legally. For many, learning penetration tactics has been through attacking systems on the Internet. While this might provide a wealth of opportunities and […]

Tech Articles

Penetration Testing Resources – 2018 Compilation

A Penetration test is the process of actively evaluating company’s information security measures. Security measures are actively analyzed for design weakness, technical flaws and vulnerabilities. The results are delivered comprehensively in a report, to executive, management, and technical audiences. An organisation should conduct a risk assessment operation before the penetration testing that will help to […]

Tech Articles

Simple Tips to Prevent SQL Injection Vulnerability

As seen from the previous articles, SQL injection has the ability to attack a web server database, compromise critical information, and expose the server and the database to a variety of malicious exploits; however, there are measures that can be applied to mitigate SQL injection attacks. Use of these practices does not guarantee that SQL […]