Blog Posts Tagged with "Penetration Testing"

What’s New in PCI DSS v3.0 for Penetration Testing?

May 20, 2014 Added by:Nima Dezhkam

As a main area of our interest, PCI v3.0 enhances the Penetration Testing requirement by adding guidelines that help both the organizations and the auditors to better show and understand two important areas of concern in every PCI compliance effort.

Comments  (0)

Debunking Myths: Penetration Testing is a Waste of Time

April 04, 2013 Added by:Rohit Sethi

Before you perform your next security verification activity, make sure you have software security requirements to measure against and that you define which requirements are in-scope for the verification.

Comments  (0)

The Importance of Sample Size in Social Engineering Tests

January 16, 2013 Added by:Matt Neely

Information security has a problem. We make far too many decisions without having reliable data to assist in our decision making process. Because of this, far too many information security professionals use what I call Gut 1.0 to make decisions based on gut feel...

Comments  (0)

Preventative -v- Detective Security

December 02, 2012 Added by:Simon Moffatt

Security has several issues from a proactive implementation perspective. Like anything, a detailed return on investment, including both tangible and non-tangible benefits, is required...

Comments  (0)

Pen Test vs. Vulnerability Scan: You know the difference, but do they?

November 28, 2012 Added by:Stacey Holleran

Small business owners often don't have someone who is versed in network security. So when they are told they need a “network penetration test” to comply with PCI DSS, many will contact the growing number of companies offering inexpensive testing services...

Comments  (5)

Post Exploitation Command Lists: Request to Edit

November 07, 2012 Added by:Rob Fuller

If you would like to contribute, please shoot me a tweet, an email, a... anything and I will gladly add you to the permissions to edit. Honestly it just became so overwhelming that every time I thought to add something I would cringe away because I know I'd spend most of the time fixing them...

Comments  (0)

IP Analysis with AV Tracker

November 04, 2012 Added by:Rob Fuller

Ever set up a multi/handler and get an odd IP hitting it? You might have just been caught. AV Tracker is a site that tracks the different IP addresses, hostnames, computer names and user agents that AV and other submit-your-malware-here drop boxes use...

Comments  (0)

Getting System the Lazy Way

October 31, 2012 Added by:f8lerror

We all know that many users are local administrators. We also know we can send or drop binaries to these users and they will run whatever we want them to. The problem lies in when they run the binary: if they don’t run it as admin we may not be able to get system level access. To be honest that is the level I want...

Comments  (0)

Advanced Penetration Testing for Highly Secured Environments: The Ultimate Security Guide

October 31, 2012 Added by:Dan Dieterle

What information is being broadcast by your computers, company, or employees that doesn’t show up in a software scan? Many companies think that if they just run a vulnerability scan and it passes that they are good, but is this an accurate test of your network security?

Comments  (0)

Free Shells with Plink and Pageant

October 21, 2012 Added by:Rob Fuller

Watching Egypt’s talk at DEFCON 20, he mentioned the ability to jump on a system when pageant (PuTTY’s ssh-agent equivalent) is running. So I wanted to figure out the best way to get this going. Here is what I came up with...

Comments  (0)

The New Social Engineering Toolkit vs Windows 7 and 8

October 08, 2012 Added by:Dan Dieterle

Cyber genius David Kennedy (aka The Mad Hugger) and his rockstar team have done it again. Just when you thought your Anti-Virus was safe, the TrustedSec team has shown once again that pinning all your corporate security hope on AV protection alone is not a good strategy...

Comments  (1)

Completely In-memory Mimikatz with Metasploit

October 07, 2012 Added by:Rob Fuller

Sending commands to mimikatz automatically requires double quotes in the command line arguments, so we use single quotes in meterpreter to encircle the execute arguments (-a). Running first "sekurlsa::logonPasswords full" then 'exit' to auto-exit the mimikatz console...

Comments  (0)

MS08-067 Celebrates Another Birthday

October 04, 2012 Added by:Jeremy Sobeck

As a Penetration Tester, this vulnerability is sought out because it is highly reliable and very low risk. As an attacker, the fact is the attack still works. The vulnerability was widely used in conjunction with the Conficker worm, which affected more than 9 to 15 million systems...

Comments  (0)

Old School On-Target NBNS Spoofing

September 30, 2012 Added by:Rob Fuller

So it turns out that Windows Firewall talks IP addresses just like any other firewall, so if you configure FakeNetBIOSNS to tell everyone that the IP address for whatever they looked up is YOUR IP, guess what, no need to bypass the spoof filters...

Comments  (7)

Investigating In-Memory Network Data with Volatility

September 25, 2012 Added by:Andrew Case

This post will discuss Volatility’s new Linux features for recovering network information including enumerating sockets, network connections, and packet contents, and will discuss each plugin along with implementation, how to use it, output, and which forensics scenarios apply...

Comments  (0)

Metasploit Persistence

September 24, 2012 Added by:f8lerror

You pop a box, get your meterpreter shell at the end of the day. You leave your shell, come back in the morning and find out the connection dropped because the system rebooted. Luckily @Carlos_Perez/Darkoperator made a persistence script that is included in Metasploit...

Comments  (0)
