Items Tagged with "Penetration Testing"


What’s New in PCI DSS v3.0 for Penetration Testing?

May 20, 2014 Added by:Nima Dezhkam

As a main area of our interest, PCI v3.0 enhances the Penetration Testing requirement by adding guidelines that help both the organizations and the auditors to better show and understand two important areas of concern in every PCI compliance effort.

Comments  (0)


Debunking Myths: Penetration Testing is a Waste of Time

April 04, 2013 Added by:Rohit Sethi

Before you perform your next security verification activity, make sure you have software security requirements to measure against and that you define which requirements are in-scope for the verification.

Comments  (0)


The Importance of Sample Size in Social Engineering Tests

January 16, 2013 Added by:Matt Neely

Information security has a problem. We make far too many decisions without having reliable data to assist in our decision making process. Because of this, far too many information security professionals use what I call Gut 1.0 to make decisions based on gut feel...

Comments  (0)


Preventative -v- Detective Security

December 02, 2012 Added by:Simon Moffatt

Security has several issues from a proactive implementation perspective. Like anything, a detailed return on investment, including both tangible and non-tangible benefits, is required...

Comments  (0)


Pen Test vs. Vulnerability Scan: You know the difference, but do they?

November 28, 2012 Added by:Stacey Holleran

Small business owners often don't have someone who is versed in network security. So when they are told they need a “network penetration test” to comply with PCI DSS, many will contact the growing number of companies offering inexpensive testing services...

Comments  (5)


Post Exploitation Command Lists: Request to Edit

November 07, 2012 Added by:Rob Fuller

If you would like to contribute, please shoot me a tweet, a email, a... anything and I will gladly add you to the permissions to edit. Honestly it just became so overwhelming that every time I thought to add something I would cringe away because I know I'd spend most of time fixing them...

Comments  (0)


IP Analysis with AV Tracker

November 04, 2012 Added by:Rob Fuller

Ever set up a multi/handler and get an odd IP hitting it? You might have just been caught. AV Tracker is a site that tracks the different IP addresses, hostnames, computer names and user agents that AV and other submit-your-malware-here drop boxes use...

Comments  (0)


Getting System the Lazy Way

October 31, 2012 Added by:f8lerror

We know all that many users are local administrators. We also know we can send or drop binaries to these users and they will run whatever we want them to. The problem lies in when they run the binary if they don’t run it as admin we may not be able to get system level access. To be honest that is the level I want...

Comments  (0)


Advanced Penetration Testing for Highly Secured Environments: The Ultimate Security Guide

October 31, 2012 Added by:Dan Dieterle

What information is being broadcast by your computers, company, or employees, that don’t show up in a software scan? Many companies think that if they just run a vulnerability scan and it passes that they are good, but is this an accurate test of your network security?

Comments  (0)


Free Shells with Plink and Pageant

October 21, 2012 Added by:Rob Fuller

Watching Egypt’s talk at DEFCON 20 he mentioned the ability to jump on on a system when pageant (puTTY’s ssh-agent equivalent) is running. So I wanted to figure out the best way to get this going. Here is what I came up with...

Comments  (0)


The New Social Engineering Toolkit vs Windows 7 and 8

October 08, 2012 Added by:Dan Dieterle

Cyber genius David Kennedy (aka The Mad Hugger) and his rockstar team have done it again. Just when you thought your Anti-Virus was safe, the TrustedSec team has shown once again that pinning all your corporate security hope on AV protection alone is not a good strategy...

Comments  (1)


Completely In-memory Mimikatz with Metasploit

October 07, 2012 Added by:Rob Fuller

For mimikatz to automatically send commands require double quotes in the command line arguments, so we use single quotes in meterpreter to encircle the execute arguments (-a). Running first "sekurlsa::logonPasswords full" then 'exit' to auto-exit mimikatz console...

Comments  (0)


MS08-067 Celebrates Another Birthday

October 04, 2012 Added by:Jeremy Sobeck

As a Penetration Tester, this vulnerability is sought out because it is highly reliable and very low risk. As an attacker, the fact is the attack still works. The vulnerability was widely used in conjunction with the Conficker worm, which affected more than 9 to 15 million systems...

Comments  (0)


Old School On-Target NBNS Spoofing

September 30, 2012 Added by:Rob Fuller

So it turns out that Windows Firewall talks IP addresses just like any other firewall, so if you configure FakeNetBIOSNS to tell everyone that the IP address for whatever they looked up is YOUR IP, guess what, no need to bypass the spoof filters...

Comments  (7)


Investigating In-Memory Network Data with Volatility

September 25, 2012 Added by:Andrew Case

This post will discuss Volatility’s new Linux features for recovering network information including enumerating sockets, network connections, and packet contents, and will discuss each plugin along with implementation, how to use it, output, and which forensics scenarios apply...

Comments  (0)


Metasploit Persistence

September 24, 2012 Added by:f8lerror

You pop a box, get your meterpreter shell at the end of the day. You leave your shell, come back in the morning and find out the connection dropped because the system rebooted. Luckily @Carlos_Perez/Darkoperator made a persistence script that is included in Metasploit...

Comments  (0)

Page « < 1 - 2 - 3 - 4 - 5 > »