March, 2018

  • 12 March

    WRITING THE PENETRATION TESTING REPORT

    WRITING THE PENETRATION TESTING REPORT

    Writing the Penetration Testing Report: Like every other topic we have discussed, writing a good penetration testing report takes practice. Many penetration testers mistakenly think that they can simply provide the raw output from the tools that they run. This group of people will often collect and nearly organize the …

  • 11 March

    WIRESHARK: SNIFFING NETWORK TRAFFIC

    WIRESHARK: SNIFFING NETWORK TRAFFIC

    Sniffing Network Traffic: Another popular technique that can be used to gain access to systems is network sniffing. Sniffing is the process of capturing and viewing traffic as it is passed along the network. Several popular protocols in use today still send sensitive and important information over the network without …

  • 10 March

    SIFTING THROUGH THE INTEL TO FIND ATTACKABLE TARGETS

    SIFTING THROUGH THE INTEL TO FIND ATTACKABLE TARGETS

    Sifting Through the Intel to Find Attackable Targets: Once you have completed the steps in previously articles, you need to schedule some time to closely review all the reconnaissance and information you have gathered. In most cases, even light reconnaissance should produce a mountain of data. Once the reconnaissance step …

  • 9 March

    FIERCE: WHAT TO DO WHEN ZONE TRANSFERS FAIL

    FIERCE: WHAT TO DO WHEN ZONE TRANSFERS FAIL

    Zone Transfers Fail: As we have previously discussed, most administrators are savvy enough to prevent random people from completing an unauthorized zone transfer. However, all is not lost. If your zone transfer fails, there are dozens of good DNS interrogation tools. Fierce is an easy to use, powerful Perl script …

  • 8 March

    Extracting Information From DNS

    Extracting Information From DNS

    Extracting Information from DNS: DNS servers are an excellent target for hackers and penetration testers. They usually contain information that is considered highly valuable to attackers. DNS is a core component of both our local networks and the Internet. Among other things, DNS is responsible for the process of translating …

  • 7 March

    Brief Guide on HOST

    Brief Guide on HOST

    Host: Oftentimes, our reconnaissance efforts will result in host names rather than IP address. When this occurs, we can use the “host” tool to perform a translation for us. The host tool is built into most Linux systems including Kali. We can access it by opening a terminal and typing: …

  • 6 March

    The Basics of Web Hacking: Our Approach

    The Basics of Web Hacking: Our Approach

    Basics of Web Hacking: Our approach is made up of four phases that cover all the necessary tasks during an attack. Reconnaissance Scanning Exploitation Fix It’s appropriate to introduce and discuss how these vulnerabilities and attacks can be mitigated, thus there is a fix phase to our approach. As a …

  • 5 March

    Noteworthy HTTP Headers

    Noteworthy HTTP Headers

    Noteworthy HTTP Headers: Each HTTP cycle also includes headers in both the client request and the server response that transmit details about the request or response. There are several of these headers, but we are only concerned with a few that are most applicable to our approach covered in this …

  • 4 March

    Noteworthy HTTP Status Codes

    Noteworthy HTTP Status Codes

    HTTP Status Codes: As web server responses are received by your browser, they will include a status code to signal what type of response it is. There are over 50 numerical HTTP responses codes grouped into five families that provide similar type of status codes. Knowing what each type of …

  • 3 March

    The Early Days of Hacking

    The Early Days of Hacking

    The Early Days of Hacking: The idea of hacking and hackers goes way back to the first technologies enthusiastic that wanted to learn about new technology and were curious about how it worked. They were the same types of people who today are interested not only in acquiring all sorts …