Penetration Testing Articles (84)

Session Hijacking Attacks: How they Work and What you Can do to Prevent them

A web application user interacts with it in a variety of ways and can perform different actions depending upon his access restrictions. Most of the time these web applications require users to log in to perform different actions that only authenticated and authorized users are allowed to perform. HTTP is a stateless protocol that doesn’t maintain user state when he/she performs different actions while using the web application. This meant that the application developers had to come up with a different way to maintain the state of the user’s connection with the web application. The use of session IDs and cookies is one such way to maintain this state. However, malicious adversaries can employ different tactics to hijack the session of a legitimate user. These types of attacks are called session hijacking attacks. This article goes over the basics of the user session on the application and session hijacking, the types of session hijacking attacks, and the different techniques that can be used to prevent these attacks.

An Overview of Directory Traversal Attacks in a Web Application

Server security is a major problem for different enterprises. Due to their importance in ensuring the smooth operation of all other components of an information system such as networks, applications, or infrastructure, servers are frequently the primary targets of attacks. A web server hosts several files that must be protected from unauthorized access, either because they contain private information or because they are critical for the proper functioning of different services running on the server. These files include database records, configuration files, and files for server web applications, among many other things. In order to protect these files from unwanted disclosure, access, modification, or loss, the web server must be equipped with a number of security safeguards.

Shodan Basic Searches: Find Devices and Vulnerabilities

Shodan, as we discovered in the introduction to the Shodan blog page, operates servers across the world that scan Internet-connected devices and collect the banner to determine what systems are operating on the server. These Internet-connected devices will generate various banners based on the services they are running. Shodan servers produce a random IP address to crawl, as well as a random port to verify and validate the random IP and port. The banner information, IP, and port data are all indexed and accessible, which makes it a useful tool for an OSINT investigator. Upon finishing the blog post you will be ready to use Shodan in your research. Let’s start learning!

Techniques Used for Malware Obfuscation

Malware obfuscation is a technique for making textual and binary data harder to decipher. It helps adversaries hide crucial strings in software, because those strings disclose patterns of malware behavior. Examples of such strings are commands that open PowerShell or cmd, and infected URLs. Moreover, attackers use numerous obfuscation techniques to hide and stay undetected for as long as possible.

Meterpreter for Pentesters

Metasploit is a complete framework that provides data about security vulnerabilities and helps with penetration testing. It is a Ruby-based, modular penetration testing platform that enables you to write, test, and execute exploit code. To run Metasploit on Linux, open up a terminal and type the msfconsole command. The shell code that executes after an exploit successfully compromises a system is known as a payload. The payload enables you to define how you want to connect to the shell and what you want to do to the target system after you take control of it. A payload can launch a command shell or Meterpreter.

Windows Persistence Techniques With Metasploit

A lot of hard work goes into exploiting any system, and once the system is exploited successfully, more time is needed to pivot into other systems in the network. Maintaining access to the system is very important once the system is compromised. Persistence involves the strategies used by adversaries and red team specialists to keep access to systems even if the system restarts, credentials change, or other interruptions occur. Techniques used for persistence include any access, action, or configuration changes that let them maintain their foothold on systems, such as replacing or hijacking legitimate code or adding startup code.

Windows Privilege Escalation - AlwaysInstallElevated

In a privilege escalation attack, attackers get system access with low privilege and then attempt to gain higher rights to perform operations that less privileged users are restricted from performing. Attackers gain administrative access to the network by exploiting design flaws, programming faults, bugs, and configuration blunders in the operating system and software applications. In this article, we will gain administrative privileges via the misconfigured AlwaysInstallElevated group policy settings.

NFS Enumeration for low privilege access

Network File System (NFS) provides remote filesystem access [RFC 1813] [RFC 5665]. Users can access, read, store, and update files via a remote server using the NFS file system type. The client can access this remote data in the same way that it can be accessed on a local machine. Clients can either read data only or read and write data, depending on the access granted to them.

A Gentle Introduction to MSFVenom

Msfvenom is a combination of Msfpayload and Msfencode, combining both tools into a single Framework instance. These tools are used to generate various payload types and encode them in various encoder modules. The msfvenom tool combines the capabilities of msfpayload and msfencode into a single tool. Msfpayload and msfencode had a lot of parameters, and users had problems remembering them. The problematic aspect was jumping from one tool to another, so the Metasploit developers decided to create and release the Msfvenom tool. After merging these tools together, msfvenom works faster, can handle all possible formats, and brings some sanity to payload generation.

Bypass UAC using Metasploit

UAC stands for User Account Control. User Account Control is a mandatory access control enforcement facility of the Windows machine that helps to prevent malicious software from damaging a PC. UAC’s job is to prevent a program from making changes to the system without authorization from the administrator. If a program is trying to make a system-related change, it will require administrator rights. If the administrator does not approve the modifications, then the changes will not be implemented, and Windows remains unmodified.

Password Grabbing: Dump and Crack SAM Hashes

Security Accounts Manager (SAM), NTLM authentication, and Kerberos authentication are the three technologies (protocols) offered by Microsoft that the Windows OS and domain use to authenticate their users. Windows manages user accounts and passwords in hashed format (LM hash and NTLM hash), which is a one-way hash, using the Security Accounts Manager (SAM) database or the Active Directory database. To prevent attacks, the system stores the passwords in a hashed format rather than plaintext. The system implements the SAM database as a registry file, and the Windows kernel obtains and keeps an exclusive filesystem lock on the SAM file. This file contains a filesystem lock, which adds some protection to the password storage process. The SAM file is located at C:\windows\system32\config, and passwords that are hashed and saved in SAM can be found in the registry.

Windows Privilege Escalation - Unquoted Service Path

Attackers first gain access to the target system and then try to attain higher-level privileges in the system. Privilege escalation is the second stage of system hacking. Privileges are a security role assigned to users for using specific programs, features, OSs, functions, files or codes, etc., to limit their access by different types of users. Privilege escalation is the process of gaining more privileges than initially assigned. Let’s say an attacker has gained access to your network using a non-admin user account. Then the attacker tries to gain admin privileges using programming errors, bugs, and configuration oversights in the operating system or the software application. Let’s discuss how attackers can exploit cron jobs to gain root access to a remote machine.

Privilege Escalation Techniques: Windows - Unquoted Service Path

The second stage of system hacking involves escalating privileges. Attackers get system access with low privilege and then attempt to gain higher rights to perform operations that less privileged users are restricted from performing. Microsoft Windows services allow you to write long-running executables that operate in their own Windows sessions. These services can be started automatically when the computer boots, can be paused and restarted, and do not have a user interface. In this article, we will exploit the Unquoted service path technique to increase our privilege from low-level user to NT-Authority/System user.

Metasploit: Introduction to Databases and Workspaces

It is critical to keep all data secure and organized so that you can reuse your findings effectively and easily when you need them. In this blog post, we are going to take a look at how we can achieve this with msfconsole databases and workspaces.

LLMNR Poisoning attack with Responder

In this article we will discuss the basics of LLMNR and explain how a tool can be used to conduct a poisoning attack against it.

Single Mode Password Cracking with John the Ripper

In a previous blog post, we performed basic password cracking with John using wordlists. In this blog post, we are going to explore John’s single crack mode.

Metasploit: Working with HTTP Auxiliaries

In this blog post, we’ll explore HTTP auxiliary modules within the Metasploit Framework that you can utilize for information gathering and enumeration purposes.

Metasploit: Working with Sessions

In this blog post, we are going to cover sessions in the Metasploit Framework.

Metasploit: Introduction to Exploit Modules

This blog page will give you a general understanding of exploit modules in the Metasploit Framework.

Metasploit: Introduction to Payloads

What do you want to accomplish on the target machine with your initial payload? This blog page will give you a general understanding of Metasploit Framework’s payloads.

Introduction to Web Caching and Web Cache Poisoning

Web applications such as e-commerce websites or websites that use Content delivery networks receive a large number of user requests from around the world. In order to deal with growing user requests and balance the load of the main server, web applications use different caching techniques. Caches are typically employed by the use of proxy servers or web browsers to store files such as images, videos, or audio files and different frequently accessed files in the local storage. Web caching is an effective technique that is used to handle growing user requests, improve network capacity, and provide a seamless user experience. This article covers the basics of web caching, how the attackers perform web cache poisoning attacks, the impact of web cache poisoning, and the recommended mitigation techniques.

TCP, UDP, and SMB Auxiliary Modules in Metasploit

In this blog post, we’ll explore TCP, UDP, and SMB protocols auxiliary modules within the Metasploit Framework that you can utilize for information gathering and enumeration. Let’s start with TCP auxiliary modules and required variable settings…

An Overview of Cross-Origin Resource Sharing

The Same-Origin Policy is a security mechanism that prevents the resources belonging to a web application from being shared with another website. The major goal of this policy is to safeguard your web application against many attack methods, including malicious code execution, compromised user passwords, unauthorized disclosure of sensitive information, and much more. However, in today’s world, websites exchange a large number of resources with one another in order to provide numerous capabilities and a more seamless user experience.

Hands on with John the Ripper: Performing a Basic Dictionary Attack

In a previous article we discussed techniques and tools used for cracking passwords. In this article, we provide a step-by-step guide to performing a dictionary attack with one of these commonly used tools, “John the Ripper”.

Password Spraying with Hydra

In a brute force attack, an attacker tries to guess a password by trial and error to break into the device, network, or website. Let’s say an attacker is trying to hack into the account called victim_user. The attacker will first generate a list of passwords to use based on the passwords he found online or based on the interests of the user. Then, the attacker writes or uses a script or a tool and continuously tries to log in to the service or device using that script.

An Overview of Nuclei Default Templates

You can model various security checks with Nuclei. In today’s blog post we are going to take a quick look at default templates in Nuclei.

Finding SQL Injection: Practical Cases

Finding the injection point is the first step in exploiting a SQL injection, after which you can create a payload to take over the target dynamic query. The easiest way to locate SQL injections in an online application is to probe its inputs with characters that are known to make the SQL query syntactically invalid and force it to return an error. Please note that not all web application inputs are used when creating SQL queries. We advise categorizing the various input parameters and saving the ones used for manipulating and retrieving database data in the information gathering step of pentesting. We’ll look at how to leverage the data collected to find and take advantage of SQLi vulnerabilities in the ensuing slides.

Web Application Username Enumeration and Defense Techniques

The Burp Intruder tab will be the target of our enumeration attack. Let’s navigate to the Target tab and select Send to Intruder by right-clicking one of the POST requests.

Bypassing Authorization in Web Applications

In this article we will discuss flaws that let an attacker get around permission. Take note of the word "bypass". In contrast to other tricks like password enumeration, we won’t search for a password; instead, we’ll attempt to access protected content without logging in…

Hands-on with Wireshark: Basic OS and Vendor Analysis

In this blog page, we are going to analyze a network traffic flow in Wireshark and learn how to find OS software details and the manufacturer of an IP address. We will also learn how to apply a display filter to narrow down traffic results to find a specific address we are looking for. Upon completion of this page, you will be able to transfer these skills to various operations you perform as a security operations practitioner.

Metasploit: Hands-on with Variables

While working with Metasploit, most vulnerabilities in the Metasploit Framework require us to specify settings for some of the variables. This blog post will provide you with hands-on experience with the global and local variables of exploit and payload modules. It would be more effective if you follow along with us in your Kali terminal. Let’s dive right in…

Metasploit: Hands-on with Basic Commands

In this blog post, we are going to get started with the essential utilities of Metasploit by performing tasks.

Web App Vulnerabilities: Files and Resources Attacks

Some online applications require file system resources (such as graphics, static text, and so forth) in order to be implemented. They occasionally define the resources using parameters. Security problems may occur when these parameters are user-controlled, improperly sanitized, and used to construct the resource path on the file system.

Web App Vulnerabilities: Anatomy of an XSS

Input validation attacks are ones that are started by user input. Due to poor application or server validation before using the data, malicious input can successfully interfere with an application’s ability to function. Poor coding design and a lack of knowledge of secure coding best practices are to blame for the majority of web application vulnerabilities.

An Overview of Information Disclosure Vulnerabilities

In the reconnaissance stage of a penetration test, hackers, security testers, or bug bounty hunters gather pertinent data about the target application or network under consideration. The information acquired during this stage can provide the hacker or security tester with extremely valuable information about the target web application. Information disclosure vulnerabilities in web applications can lead to the attacker gaining information in an unauthorized manner that can help them to devise an effective hack strategy. This article covers the fundamentals of information disclosure vulnerabilities, the sources in the web application from where you can find significant information, the impact of these vulnerabilities, and several preventive strategies.

Identifying ARP Request Packets with Wireshark

One of the most significant abilities of penetration testers is the ability to understand and analyze network traffic. In this blog article, we will go over what an Address Resolution Protocol (ARP) is and what messages it includes. Finally, we’ll look at how to identify the ARP request message in Wireshark by performing an ARP packet analysis. First, here is a quick refresher on ARP.

Netbios Enumeration

Most of the time, security experts and penetration testers enumerate NetBIOS at the initial phase of the enumeration because it extracts a large amount of sensitive information about the target network, such as users and network shares. NetBIOS, which stands for Network Basic Input/Output System, was created in 1983 by Sytek, Inc. for IBM PC networking. NetBIOS is not a networking protocol but rather another one of the creations in networking that was originally designed to make life easier for us.

SNMP Enumeration with snmp-check

Enumeration occurs after scanning and is the process of gathering and compiling usernames, machine names, network resources, shares, and services.

MAC flooding attack

Sniffing techniques like MAC attacks, DHCP attacks, ARP poisoning, and DNS poisoning are used by attackers to collect and modify sensitive data. These techniques are used by attackers to obtain control of a target network by reading captured data packets and then exploiting that information to break into the network.

PsTools

Mark Russinovich created the PS Tools Kit, a collection of 13 tools. These utilities are command-line tools that allow you to launch processes on remote computers and redirect console application output to the local system, making it appear that the applications are running locally. All of these tools are compatible with Windows NT and later versions. Because they are console applications, these tools can be used on both a local computer and a remote host.

A General Overview of Nuclei Command Line

In this blog post, we are going to make a quick introduction to Nuclei and its powerful components. First let’s start with explaining why we need automated tools in scanning.

Post-Exploitation: Information Collection and Persistence via Process Migration

Once we obtain the Meterpreter session, we can execute various post-exploitation commands. In this blog article, we will perform fundamental command-line actions that allow penetration testers to acquire precise information about the host and we will also learn how to migrate a process for a more reliable connection with the target system.

Performing Regular Penetration Tests is Essential, but There Are Some Limitations to Consider

Although penetration tests are suggested and must be performed on a routine basis, they do have some constraints. In this blog page, we will discuss the major constraints of penetration testing programs in organizations.

Kerberos Attack and Defense Techniques

Kerberos is a network authentication protocol based on client/server architecture. This protocol does not require users to provide their passwords; instead, it relies on tickets and keys for authentication. Kerberos is a commonly employed authentication protocol in Active Directory. Because of its popularity, it has drawn the attention of hackers worldwide attempting to exploit its security weaknesses and crack the protocol. This article goes over some of the most common Kerberos attacks, how to carry them out, and how to defend against them.

Mac Spoofing Made Easy With Mac Changer

In this blog post, we will explain what MAC spoofing is and demonstrate how a MAC address can be spoofed using “MAC Changer”.

Exploiting EternalBlue With Metasploit

In this blog article, we will exploit and utilize a vulnerable Windows machine and perform some actions such as identifying a vulnerable SMB service port and dumping SAM file credentials using Metasploit. Before beginning our Nmap scan, let’s define what a SAM file is on Windows OS.

Using Metasploit to Enumerate SSH

When you find valuable information about your target machine’s SSH server, as a penetration tester you can research common vulnerabilities and exploits to compromise this service using these findings. As you might guess, today’s blog post is about SSH and how to enumerate SSH servers using Metasploit.

Password Cracking Techniques, Tools and Protection Recommendations

A password is a protected string of characters that is used to authenticate a user. Passwords are the most widely used authentication method, yet they are also the weakest. Users sometimes choose passwords that are exceedingly easy to guess or are based on personal information about the user (e.g. their birth month or the name of their pet). They may even scribble it down on a piece of paper, hide it in a location where it may be easily taken, or share it with others. Organizations that utilize passwords as the primary or one of the sources of authentication should implement proper security controls to prevent them from being compromised as it can have severe implications. This article will go over the basics of password cracking, as well as the techniques and tools used to crack passwords and password protection mechanisms.

S3 Bucket URL Enumeration

A storage service is a standard facility that cloud service providers often give to clients. And Simple Storage Service is the name of AWS’s storage facility (which is also abbreviated as S3).

A Brief Introduction to Wordlists and how to Generate them with CeWL

In this blog post, we will make an introduction to wordlists and make a quick custom word generation exercise with CeWL.

Open Redirection

Occasionally, programs must redirect visitors to a different page. The intended functionality of that would be to redirect the user to a desired website, but it’s quite easy for attackers to mess this up when their user input might impact the redirections’ outcome. In other terms, an open redirect occurs when a website allows for a redirection to an unexpected page.

Enumerating Active Directory with Powerview

In this blog post, we will practice enumerating the Active Directory using the PowerShell PowerView module.

Enumerating SMTP with Metasploit

In this blog post we are going to take a quick look at what SMTP is, and how we can get information about the target system utilizing Metasploit modules.

Broken Access Control (BAC)

Users cannot behave beyond their specified privileges because access control imposes numerous policies. Hence, unauthorized disclosure of information, alteration or loss of any or all data, or executing a corporate activity outside of the user’s bounds are all common outcomes of failures and may lead to Broken Access Control.

Manual and automated password acquisition

Password attack/cracking is one crucial step in the art of system hacking. When performing penetration tests, passwords can be obtained in a variety of ways. These can range from manually obtaining them from the target to using advanced automated attacks such as packet sniffing and brute force.

An Introduction to Web Shells

A web shell is a malicious piece of code or script that is put on a target server and written in server-side languages such as PHP, ASP, PERL, RUBY, and Python. It gives an attacker the ability to run commands on the web application’s server. The malicious script allows attackers to gain remote access to the target server’s file system as well as remote administration capabilities.

Scanning SMB, Telnet and FTP default ports

One way an attacker can obtain a better understanding of a network and its security posture is by scanning its file transfer services; this data can then be used to detect security vulnerabilities. Protocols such as SMB (server message block), FTP (file transfer protocol), and telnet are commonly seen when performing penetration testing.

Host Discovery: Get the Information You Need About a Network

Host discovery is the process of identifying all the devices that are connected to your network. This can be done manually, but it’s often more efficient to use a tool like Nmap. Once you know all the active hosts that are present on your network, the next phase is to begin testing them. Let us have a look at different types of host discovery techniques…

Stop Attackers From Moving Around Your Server

When an attacker gains access to a web server, they often attempt to move around the server to find sensitive information. One way they can do this is by using a technique called directory traversal. Directory traversal is when an attacker uses the directory structure of a website to their advantage.

Server-side request forgery

Server-side request forgery (SSRF) attacks are a type of attack in which the attacker tricks the server into making a request to a third-party resource on behalf of the attacker. This can be done by specifying a malicious URL in the request parameters, which the server then attempts to resolve. This can lead to sensitive data being leaked, or the attacker gaining access to internal systems that are not normally accessible from the public Internet.

Stop IDOR Attacks Before They Happen

Insecure Direct Object References (IDOR) are a type of vulnerability that occurs when an application references an object such as a database and files using an insecure method. This can allow an attacker to gain access to sensitive data or perform unauthorized actions. IDORs can occur when an application uses user input to reference an object without properly validating or sanitizing the input.

Bypass IDS and Firewall Restrictions While Network Scanning

A firewall is a security system that monitors and regulates network traffic based on specified security rules. An intrusion detection system (IDS) is a network security tool that monitors and analyses network traffic for suspicious activity and can send out alerts if it is found. Denial-of-service (DoS), person-in-the-middle (PiTM), and network reconnaissance attacks can all be detected by IDSs. An intrusion detection system (IDS) and a firewall are used to prevent unauthorized access to a network.

Privilege Escalation: Don't Let the Bad Guys Get Ahead

Privilege escalation is a technique used by attackers to gain elevated access to resources or data that are normally forbidden to them. By exploiting vulnerabilities or misconfigurations, an attacker can escalate their privileges and gain access to sensitive information or perform actions that would otherwise be forbidden.

Content Discovery - Part 2

In a previous article, we discussed robots.txt and automatic scanning for content. There are many more ways to discover hidden content on websites. In this blog post, we are going to manually find additional valuable information about websites.

Content Discovery - Part 1

The first stage in attacking software is obtaining and analyzing critical information about it in order to acquire a better grasp of what you’re dealing with. We can find information either manually, with the help of automated tools, or with Open-Source Intelligence (OSINT). This blog article will introduce you to discovering website content using automated tools.

Understanding the different types of scan you can perform with Nmap

Port scanning is the method of enumerating open ports and services by delivering a series of messages. Port scanners identify active hosts and scan their ports by manipulating transport layer protocol flags. Administrators and users may accidentally keep unnecessary open ports on their computers. An attacker can take advantage of such open ports for malicious purposes.

Common Code Injection Vulnerabilities

Injection attacks are a type of attack that allows attackers to execute malicious code on a server by injecting it into a web application. This can be done through user input, such as via a form field or URL parameter. Once the code is injected, it can be executed by the server, resulting in the attacker gaining access to sensitive data or damaging the server. Injection attacks are a serious threat to web applications and can be difficult to prevent.

DNS enumeration using zone transfer

DNS enumeration is the process of identifying all DNS servers and records for a specific domain. This information can identify potential security flaws such as unprotected DNS servers and zone transfers. DNS enumeration can also be used to collect information about a target company, such as identifying email and web servers.

Enumerating AWS S3 Buckets

S3 buckets are one of the most important aspects of Amazon Web Services (AWS). They are used to store and retrieve data and can be accessed from anywhere in the world. S3 buckets are also used to host static websites. In this article, we will look into different techniques attackers use to identify AWS S3 Buckets.

Get the Inside Scoop on a Machine's Operating System

OS fingerprinting, also known as banner grabbing, is a technique for determining the operating system that is installed on the targeted machine. Once the operating system and its version are determined, the attacker then finds the system vulnerabilities and exploits that may work on that machine to carry out further attacks. Active and passive banner grabbing are the two types of banner grabbing.

Network Footprinting: the Building Blocks of Any Successful Attack

The process of gathering information about a target network, and identifying and discovering network ranges is known as network footprinting. Network footprinting helps an attacker determine the domain’s subnet mask and trace the network path between the system and the target machine. As a result, attackers can learn how the network is built and which systems are connected and are being actively used. The network ranges also help in identifying the target network’s topology, access control devices, and operating systems.

Weaknesses in default configuration settings

Hardening your configurations is one of the most important aspects of keeping your systems secure. A configuration is a collection of files and options that govern how a system operates. When you harden a configuration, you are making changes to improve the system’s security. When hardening a configuration, there are numerous factors to consider. The principle of least privilege is one of the most important. This principle states that users should only have the permissions they require to do their jobs. By limiting permissions, you can limit the damage that an attacker can do if they gain access to a user account. Another critical factor to consider is the principle of defense in depth.

Be Informed. Be Safe. Design Vulnerabilities.

As technology advances, so do the ways in which criminals can exploit design vulnerabilities. Design vulnerabilities can be found in both hardware and software, and can be used to gain access to systems, data, and devices. While there are many ways to mitigate the risks posed by design vulnerabilities, it is important for organizations to be aware of these risks and take steps to protect their systems and data.

Don't Let Race Conditions Bug You!

“Race conditions” are bugs that occur as a result of the timing or order in which multiple operations are executed. This is a fairly broad category of bugs that can manifest themselves in a variety of ways depending on the problem space. Unfortunately, race conditions are notoriously difficult to solve. Exclusive access or critical sections significantly slow down application performance. They obstruct the use of computer resources and destroy our CPU cache utilization.

XML External Entity Injection

XXE (XML External Entity Injection) is a common web-based security vulnerability that allows an attacker to interfere with a web application’s processing of XML data. XXE is a common security flaw because XML is an extremely popular format used by developers to transfer data between the web browser and the server.

Keep Your Web Application Safe by Preventing SQL Injections

SQL injection (or SQLi) attacks alter SQL queries by injecting malicious code through application vulnerabilities. SQLi attacks that are successful allow attackers to modify database information, access sensitive data, perform administrative tasks on the database, and recover files from the system. In some cases, attackers have the ability to execute commands on the underlying database operating system.

Mimikatz: the Post-exploitation Tool for Offensive Security Testing

Mimikatz is a popular open-source post-exploitation tool for offensive security penetration testing. Mimikatz is a collection of modules that use privilege escalation and lateral movement techniques to assist both security testers and malicious actors in getting a foothold in the target network. This article looks at the features of Mimikatz and how you may protect your organization’s IT infrastructure from it.

Protect your Web Applications Against CSRF Attacks

Cross-site request forgery (CSRF) is a type of attack that allows an attacker to perform unauthorized actions on behalf of a user. A CSRF attack happens when a malicious site sends a request to a victim site, causing the victim site to perform an action intended by the attacker. This can be used to steal information, such as login passwords, or to take actions on the user’s behalf, such as moving funds from their account.

A General Overview of Penetration Testing Methodologies

A pentest, or penetration test, is a method to explore and assess security measures to safeguard these resources ethically. A penetration test, like an audit, requires using tools, procedures, and processes similar to those that a hacker or any bad actor would benefit from.

Using Netcat as a Reverse Shell

In this post we will find out what a reverse shell is and look at practical implementation examples using netcat. Once we are able to execute code remotely, for example, using a known RCE vulnerability, it is important to continue further with more advanced post-exploitation phases.

The Reconnaissance Phase in Penetration Testing Engagements

Reconnaissance is the gathering of information about a target prior to launching an attack. Most attacks begin by gathering as much information as possible about the target. A wealth of useful information can be gathered using today’s vast array of information sources. This information may include specifics about the target’s network, systems, and users that can be used to plan an attack and assess risk. The internet is an excellent resource for locating any kind of information that can assist an attacker in planning an attack.

Mastering the Preparation Phase in penetration testing engagements

In our previous posts we discussed the overall penetration testing workflow that we follow here at Mossé Security. In this article we will look at the ‘Preparation’ phase in detail.

Introduction to the Penetration Testing Workflow

Implementing a standard workflow can help an organization become more efficient and productive. A standard workflow should be simple and easy to understand, so that it can be followed by everyone in the organization. It enables better communication and collaboration between team members. By having standardized procedures, employees are able to easily complete their tasks and know what is expected of them. Additionally, a standard workflow can help to ensure that tasks are completed in a timely and accurate manner.

Example of a penetration testing report executive summary

A penetration test report executive summary is a document that states the findings of a penetration test in a clear and concise way. The purpose of this summary is to provide management with a high-level overview of the test, so they can decide whether or not to pursue further action.