How and Why Your Business Should Conduct Cybersecurity audit

As companies accept new digital technologies, the possibility of being targeted by cyber-attacks increases. Increasing network complication through digital innovation often makes unique network differences that cyber attackers can take…

HTTP PUT Method Exploitation with Put2Win (Meterpreter Shell)

From previous article, we came across to different actions performed by HTTP methods where we had described the role of PUT method which allow client to upload a file on…

Handy MySQL Commands – Cheatsheet 2018

Designing the database is a key step, largely because changes to the database at a later date have far larger implications and potential complications than changing any other aspect of the site.…

Send Fake Mail using SETOOLKIT [Kali Linux]

The information security environment has changed vastly over the years. Now, in spite of having security policies, compliance, and infrastructure security elements such as firewalls, IDS/IPS, proxies, and honey pots deployed inside…

Host Header Attack – Practical Exploitation and Prevention

The “HOST” header is part of the http protocol, vulnerable applications are vulnerable because they insert the value of this header into the application code without proper validation, this means…

19 Most Useful Plugins for Burp Suite [Penetration Testing]

Burp Suite is an intercepting HTTP Proxy, and it is the defacto tool for performing web application security testing.  Burp is highly functional and provides an intuitive and user-friendly interface.…

[Solution] Disable the detectportal.firefox.com requests in Burp Suite

Approx a year back, Mozilla added a new feature “Captive Portal” support to Firefox browser in an attempt to enhance usability when connecting to free Wi-Fi portals. Captive Portal feature…

Bypass HacktheBox.eu Invite Registration

Hack The Box is an online platform allowing you to test your penetration testing skills and exchange ideas and methodologies with other members of similar interests. It contains several challenges…

Metasploitable3 Full Installation on Windows – Detailed Guide 2018

The Metasploitable machines are those vulnerable machines, designed by Rapid7 Company for training offensive security skills and testing exploits. To install Metasploitable3 on windows is not easy as Metasploitable2 installation,…

HTTP PUT Method Exploitation – Live Penetration Testing

In this article, we’ll be exploiting the HTTP PUT method vulnerability on one of the Metasploitable2 webserver through which you can easily upload any malicious file onto the server and…

Best 16 Penetration Testing Books – 2018 Update

A penetration test is very different and much more intrusive than a simple vulnerability analysis. It consists mainly of furthering the vulnerability analysis by exploiting the vulnerabilities discovered during the…

Top 10 Penetration Testing Distributions – 2018 Update

For those who are interested in learning how to do Penetration Testing, there are many tools and operating  systems are available, but very few targets to practice against safely –…

Penetration Testing Resources – 2018 Compilation

A Penetration test is the process of actively evaluating company’s information security measures. Security measures are actively analyzed for design weakness, technical flaws and vulnerabilities. The results are delivered comprehensively…

Simple Tips to Prevent SQL Injection Vulnerability

As seen from the previous articles, SQL injection has the ability to attack a web server database, compromise critical information, and expose the server and the database to a variety…

Mitigations for Common Web Application Flaws

The most prominent components of web applications that intruders will first seek to exploit are vulnerabilities within the web platform. The web platform commonly includes: Web server software (such as…

Top 40 XSS (Cross Site Scripting) Revision Questions with Answers

The below questions and answers are designed to both measure your understanding of the concepts of XSS -Cross Site Scripting Attacks and Prevention. Q1: What is the difference between HTML…

TCP & SYN Scanning with Metasploit Framework without NMAP

Port Scan is Often done by hackers and penetration testers to identifying and discovering internal services of target host. Port Scanning is an important action for gathering more information of…

A Brief Overview of Kali Linux Tools

Kali Linux offers a number of customized tools designed for Penetration Testing. Tools are categorized in the following groups as seen in the drop-down menu shown in the following screenshot:…

50 questions you need to know about Professional Penetration Testing | FAQ

Those of us who have conducted or participated in a penetration test will understand that tools are not the only thing necessary to successfully complete a PenTest. Methodologies are essential…

[Solution] SSL Handshake Alert Error – Burp Suite

Web Application Proxies like Burp Proxy, WebScarab or Tamper Data Addon allow a security tester to intercept the requests/responses between the client HTTP application and the web server. Proxies are…

Gloom – Linux Penetration Testing Framework

Security is a state in which we ensure a proper gap between the threats and assets of an organization. We try to either move assets far away from threats or…

Penetration Testing Quick Cheatsheet v1.0 – 2017

Penetration testing (also called pen testing) is the practice of testing a computer system, network or Web application to find vulnerabilities that an attacker could exploit. Here we’re listing out…

Pythem – Multi-Purpose Pentest Framework 2017

Pythem is a multi-purpose pentest framework written in Python. It has been developed to be used by security researchers and security professionals. The tool intended to be used only for…

Get Free Kali Linux on AWS with Public IP – Real Time Penetration Testing

As you all knows, Kali Linux is one of the most popular penetration testing OS with more than 1000s of hacking tools pre-installed in it like Metasploit Framework, Air-crack Package…

Top 5 Mobile App Testing Tools – Featured 2017

1. AFE – Android Framework for Exploitation, is a framework for exploiting android based devices. They’ve been in the security field from past 5 years and having a strong enthusiastic…

Mobile Application Penetration testing Checklist 2016

Client Side – Static and Dynamic analysis Test Name Description Tool OWASP Applicable Platform Result Reverse Engineering the Application Code Disassembling and Decompiling the application, Obfuscation checking apktool, dex2jar, Clutch,…

Kali Linux 2016.2 has been launched

As you all knows, Kali Linux is one of the best open source Operating System used by Penetration Testers and Security Experts. It has wide range of hacking and scanning…

Checklist for performing security testing on web applications

For every businessman, development of website is much important as it acts as a  most important promotional tool for his products and services. By Developing a website means, your website…

Every Penetration Tester you should know about this – Rules of Engagement

Penetration testing involves the use of a variety of manual and automated techniques to simulate an attack on an organization’s information security arrangements. One of the key points when managing…