Ethical Hacker's Penetration Testing Guide. Vulnerability Assessment and Attack Simulation on Web, Mobile, Network Services and Wireless Networks, Samir Kumar Rakshit, 2022
The book is a hands-on guide that will take you from the fundamentals of pen testing to advanced security testing techniques. This book extensively uses popular pen testing tools such as Nmap, Burp Suite, Metasploit, SQLmap, OWASP ZAP, and Kali Linux.
A detailed analysis of pentesting strategies for discovering OWASP top 10 vulnerabilities, such as cross-site noscripting (XSS), SQL Injection, XXE, file upload vulnerabilities, etc., are explained. It provides a hands-on demonstration of pentest approaches for thick client applications, mobile applications (Android), network services, and wireless networks. Other techniques such as Fuzzing, Dynamic Scanning (DAST), and so on are also demonstrated. Security logging, harmful activity monitoring, and pentesting for sensitive data are also included in the book.
#book #pentest #kali
The book is a hands-on guide that will take you from the fundamentals of pen testing to advanced security testing techniques. This book extensively uses popular pen testing tools such as Nmap, Burp Suite, Metasploit, SQLmap, OWASP ZAP, and Kali Linux.
A detailed analysis of pentesting strategies for discovering OWASP top 10 vulnerabilities, such as cross-site noscripting (XSS), SQL Injection, XXE, file upload vulnerabilities, etc., are explained. It provides a hands-on demonstration of pentest approaches for thick client applications, mobile applications (Android), network services, and wireless networks. Other techniques such as Fuzzing, Dynamic Scanning (DAST), and so on are also demonstrated. Security logging, harmful activity monitoring, and pentesting for sensitive data are also included in the book.
#book #pentest #kali
🔥5👍1👏1
Ethical Hacker’s Penetration Testing Guide.pdf
18.6 MB
Ethical Hacker's Penetration Testing Guide. Vulnerability Assessment and Attack Simulation on Web, Mobile, Network Services and Wireless Networks, Samir Kumar Rakshit, 2022
👍3❤1👏1
CodePath Web Security Guides
Welcome to the open-source CodePath web security guides! Our goal is to become the central crowdsourced resource for complete and up-to-date web security content and tutorials.
Wiki
https://guides.codepath.com/websecurity
GitHub
https://github.com/codepath/web_security_guides/wiki/
#AppSec
Welcome to the open-source CodePath web security guides! Our goal is to become the central crowdsourced resource for complete and up-to-date web security content and tutorials.
Wiki
https://guides.codepath.com/websecurity
GitHub
https://github.com/codepath/web_security_guides/wiki/
#AppSec
👍3🔥1👏1
Пост-эксплуатация взломанного оборудования Cisco
В этой небольшой статье ты узнаешь как происходит процесс пост-эксплуатации взломанного оборудования Cisco. Покажу несколько трюков, которые, возможно, подарят тебе импакт во время проведения пентеста.
Источник
https://habr.com/ru/post/676942/
#pentest #cisco
В этой небольшой статье ты узнаешь как происходит процесс пост-эксплуатации взломанного оборудования Cisco. Покажу несколько трюков, которые, возможно, подарят тебе импакт во время проведения пентеста.
Источник
https://habr.com/ru/post/676942/
#pentest #cisco
👍3👏3🔥2
Сборник статей по атакам на Active Directory
Сегодня ты узнаешь много нового, касательно Active Directory. На одном из старейших хакерских форумов DaMaGeLaB была опубликована очень интересная серия статей, которая включает в себя описание различных инструментов, основ и нюансов при проведении тестирования на проникновение в AD.
#windows
Сегодня ты узнаешь много нового, касательно Active Directory. На одном из старейших хакерских форумов DaMaGeLaB была опубликована очень интересная серия статей, которая включает в себя описание различных инструментов, основ и нюансов при проведении тестирования на проникновение в AD.
#windows
👍5❤3
Сайт посвящен обзору бесплатного программного обеспечения с открытым кодом для администраторов и безопасников
https://gittool.blogspot.com/
https://gittool.blogspot.com/
👍4❤2
🔥3
Linux Endpoint Hardening to Protect Against Malware and Destructive Attacks
PDF
https://www.mandiant.com/sites/default/files/2022-03/wp-linux-endpoint-hardening.pdf
#linux #hardening
https://www.mandiant.com/sites/default/files/2022-03/wp-linux-endpoint-hardening.pdf
#linux #hardening
🔥2👍1
wp-linux-endpoint-hardening.pdf
402.7 KB
Linux Endpoint Hardening to Protect Against Malware and Destructive Attacks
👍1
Интервью с участником команды True0xA3!
Павел Шлюндин - руководитель канала @redteambro и участник команды True0xA3. Павел имеет большое количество сертификатов по ИБ: OSCP, OSCE, OSWE, CRTE, LPT, eCPTXv2.
Обсудим следующие темы:
✔️ Путь Павла в RedTeam
✔️ Основные отличия RedTeam от Pentest
✔️ Какими навыками должен обладать RedTeam-специалист
✔️ Интересные кейсы в RedTeam проектах
YouTube
https://www.youtube.com/watch?v=XeRa1iCox1w
Павел Шлюндин - руководитель канала @redteambro и участник команды True0xA3. Павел имеет большое количество сертификатов по ИБ: OSCP, OSCE, OSWE, CRTE, LPT, eCPTXv2.
Обсудим следующие темы:
✔️ Путь Павла в RedTeam
✔️ Основные отличия RedTeam от Pentest
✔️ Какими навыками должен обладать RedTeam-специалист
✔️ Интересные кейсы в RedTeam проектах
YouTube
https://www.youtube.com/watch?v=XeRa1iCox1w
YouTube
🔥 Интервью с участником команды True0xA3!
Друзья, мы с хорошими новостями! В это воскресенье вас ждёт стрим-интервью!
В качестве специального гостя - Павел Шлюндин. Руководитель канала @redteambro и участник команды True0xA3.
Также, Павел имеет большое количество сертификатов по ИБ: OSCP, OSCE,…
В качестве специального гостя - Павел Шлюндин. Руководитель канала @redteambro и участник команды True0xA3.
Также, Павел имеет большое количество сертификатов по ИБ: OSCP, OSCE,…
❤4👍4🔥2🤔1
Evasion Techniques and Breaching Defenses by Offensive Security, 2020
Evasion Techniques and Breaching Defenses (PEN-300) is an advanced penetration testing course. It builds on the knowledge and techniques taught in Penetration Testing with Kali Linux, teaching students to perform advanced penetration tests against mature organizations with an established security function.
As a general rule, it will not specifically deal with the act of evading a blue team but rather focus on bypassing security mechanisms that are designed to block attacks. This course is one of the replacements for the Cracking the Perimeter (CTP) course, which was retired October 15, 2020.
Students will learn how to: Bypass defenses Perform advanced attacks while avoiding detection Compromise systems configured with security in mind Those who complete the course and pass the 48-hour exam earn the Offensive Security Experienced Penetration Tester (OSEP) certification
#book #pentest
Evasion Techniques and Breaching Defenses (PEN-300) is an advanced penetration testing course. It builds on the knowledge and techniques taught in Penetration Testing with Kali Linux, teaching students to perform advanced penetration tests against mature organizations with an established security function.
As a general rule, it will not specifically deal with the act of evading a blue team but rather focus on bypassing security mechanisms that are designed to block attacks. This course is one of the replacements for the Cracking the Perimeter (CTP) course, which was retired October 15, 2020.
Students will learn how to: Bypass defenses Perform advanced attacks while avoiding detection Compromise systems configured with security in mind Those who complete the course and pass the 48-hour exam earn the Offensive Security Experienced Penetration Tester (OSEP) certification
#book #pentest
👍3