Automated OSINT for Security Assessments
If you are a red teamer or a penetration tester, you have to love tools that automate your discovery process and make your life...
NIST Publications on Penetration Testing
Penetration testing is an important part of security for any organization that handles sensitive information. It helps ensure that systems are secure against attacks...
Penetration Testing: Create a DNS Zone Transfer Lab
While performing penetration testing against your target, one of the things you will look for is whether you can perform a DNS zone transfer.
What...
Find Information About a Person on Instagram with OSINTgram
OSINT, or "Open Source INTelligence", plays a critical role in the field of cybersecurity. It can be used by your company to boost your...
A List of Tools to Help you Detect the Log4j Vulnerability
How can you detect the Log4j zero-day vulnerability (known as Log4Shell)? Here’s a list of FREE Log4j vulnerability scanner tools.
Amazon Inspector and AWS
The Amazon...
Build a Penetration Testing Lab on a Raspberry Pi with DVWA
Build a PenTest Lab on a Raspberry Pi with DVWA
Hunt a Username on Social Media with Sherlock
Many users register themselves on websites using the same username. If you are performing an investigation on a person, and especially if you know...
Web Dashboard for your Nmap Scans
During the discovery phase of a vulnerability assessment or penetration test, it is almost certain that you will utilize the infamous tool nmap.
You may...
How To Find Domains Owned by a Company
Why Should You Find Domains Owned by a Company?
During a black-box or grey-box penetration testing engagement for a company, one of the...
Find Web Server Vulnerabilities With Nikto
What is Nikto
Nikto is an open source scanner capable of scanning for over 6700 items to detect any misconfigurations on web servers like Apache,...
Discover Subdomains During A Penetration Testing Engagement
During an external penetration test, and especially if it is a black-box engagement, one of the most important steps is the discovery of subdomains...
Enumerate and Capture Website Files Metadata
Many organizations upload files such as PDF, Word and Excel documents to their websites without being aware that they are exposing sensitive information. This information...