Q&A

Top 40 XSS (Cross Site Scripting) Revision Questions with Answers

The questions and answers below are designed to measure your understanding of the concepts of XSS (Cross Site Scripting) attacks and prevention. Q1: What is the difference between HTML Injection and XSS? A: Both of them refer to exactly the same thing. In one of the situations, the attacker injected valid HTML tags, while […]

Tutorials

TCP & SYN Scanning with Metasploit Framework without NMAP

Port scanning is often done by hackers and penetration testers to identify and discover the internal services of a target host. Port scanning is an important step in gathering more information about the target host. Today, we will see how to use Metasploit to scan ports. As we all know, Metasploit Framework is a free and open […]

Tech Articles

A Brief Overview of Kali Linux Tools

Kali Linux offers a number of customized tools designed for Penetration Testing. Tools are categorized in the following groups as seen in the drop-down menu shown in the following screenshot: Information Gathering: These are Reconnaissance tools used to gather data on your target network and devices. Tools range from identifying devices to protocols used. Examples: […]

Q&A

50 questions you need to know about Professional Penetration Testing | FAQ

Those of us who have conducted or participated in a penetration test will understand that tools are not the only thing necessary to successfully complete a PenTest. Methodologies are essential for ensuring that the assessor identifies all vulnerabilities within the client’s network. 1Q: I don’t have any experience in professional penetration testing, which keeps me […]

Tutorials

[Solution] SSL Handshake Alert Error – Burp Suite

Web application proxies like Burp Proxy, WebScarab or the Tamper Data add-on allow a security tester to intercept the requests/responses between the client HTTP application and the web server. Proxies are fundamental to the analysis of the web application. PortSwigger Burp Suite is a suite of tools that will let us test and inspect the […]

Tutorials

Gloom – Linux Penetration Testing Framework

Security is a state in which we ensure a proper gap between the threats and assets of an organization. We try to either move assets far away from threats or we try to somehow apply good security controls in between the two. When we talk about Security, we have to focus on both Application and […]

Tech Articles

Penetration Testing Quick Cheatsheet v1.0 – 2017

Penetration testing (also called pen testing) is the practice of testing a computer system, network or Web application to find vulnerabilities that an attacker could exploit. Here we list the quick cheatsheet and commands for all pen test phases. 1) Reconnaissance: Normally no active tests are performed on targets. At this phase Google is […]

Tutorials

Pythem – Multi-Purpose Pentest Framework 2017

Pythem is a multi-purpose pentest framework written in Python. It has been developed to be used by security researchers and security professionals. The tool is intended to be used only for acts within the law. Features: only runs on GNU/Linux OS; based on Python; easy to install and use. Supported attacks: ARP spoofing – […]

Tutorials

Get Free Kali Linux on AWS with Public IP – Real Time Penetration Testing

As you all know, Kali Linux is one of the most popular penetration testing operating systems, with more than 1000s of hacking tools pre-installed in it, like Metasploit Framework, the Air-crack package for wireless cracking, various network scanning tools, and web application scanning tools like wpscan, joomscan, etc. In this article, you’ll learn a complete installation of Kali […]

Tools

Top 5 Mobile App Testing Tools – Featured 2017

1. AFE – Android Framework for Exploitation is a framework for exploiting Android-based devices. They’ve been in the security field for the past 5 years and have a strong, enthusiastic team behind Appknox (https://www.appknox.com), which is headquartered in India. Currently they have 4 premium packages, i.e. Lite Edition, Essential Edition, Premium Edition and Enterprise Edition. GitHub Link […]

Tech Articles

Mobile Application Penetration testing Checklist 2016

Client Side – Static and Dynamic analysis

Test Name | Description | Tool | OWASP | Applicable Platform | Result
Reverse Engineering the Application Code | Disassembling and Decompiling the application, Obfuscation checking | apktool, dex2jar, Clutch, Classdump | M10 | All | Issue
Hard-coded credentials on sourcecode | Identify sensitive information on sourcecode | string, jdgui, IDA, Hopper | M2 | All | Issue
Insecure version of Android OS […]

Tech Articles

Kali Linux 2016.2 has been launched

As you all know, Kali Linux is one of the best open source operating systems used by penetration testers and security experts. It has a wide range of hacking and scanning tools for password cracking, Nessus, Nmap, Wi-Fi cracking, bruteforce, WLAN exploitation, information gathering, etc. Now the latest version of Kali Linux is 2016.2, so called […]

Tech Articles

Checklist for performing security testing on web applications

For every businessman, developing a website is very important, as it acts as a most important promotional tool for his products and services. Developing a website also means that the website should be secure enough that no one can break it. For that security testing, we made a checklist in which we listed […]

Tech Articles

Every Penetration Tester you should know about this – Rules of Engagement

Penetration testing involves the use of a variety of manual and automated techniques to simulate an attack on an organization’s information security arrangements. One of the key points when managing testers is to understand what they cannot do. An individual penetration tester – however talented – is unlikely to be an expert in all the […]