As you are aware, any penetration test starts from information collection. You have to find out what operating system is running on the remote host, and only then you can start looking for vulnerabilities in it. This article presents seven useful tools used inter alia for OS detection and explains their operation principles.
DoS attacks on ModSecurity: Exploiting critical bug in popular WAF
A critical vulnerability resulting in a denial-of-service error has been recently discovered in ModSecurity, a popular web application firewall (WAF) for Apache, IIS, and Nginx. The bug is truly severe: not only does the library stop working, but applications using it as well. Let’s see what was the mistake of the ModSecurity developers and how we, ethical hackers, can exploit this vulnerability in our penetration tests.
Protecting MikroTik. How to make your router safe
Firmware of popular routers often contains errors identified by security researchers on a regular basis. However, it is not enough just to find a bug – it must be neutralized. Today, I will explain how to protect your network against known and yet-unknown vulnerabilities in RouterOS.
The deplorable four. Testing free antiviruses: Huorong, Preventon, Zoner, and FS Protection
Today, I am going to battle-test four antivirus programs: a British one, a Chinese one (featuring an original engine), a Finnish one, and an exciting Czech project at the beta-version stage. All of them are free and offer extra protection features aside from the basic system scan. Let’s pit the new antiviruses against hordes of trojans and worms I prepared for them!
The weakest link. Phishing emails as a pentesting tool
Conventional wisdom holds that the most vulnerable component of any computer system is its user. Humans may be inattentive, unthoughtful, or misinformed and easily become victims of phishing attacks. Accordingly, this weak link must be tested for security as thoroughly as the software and hardware components.
Diabolically reddish pentest. Building tunneling chains through docker containers on a Hack the Box virtual machine
How to seize control over a host located in a different subnetwork? The right answer is: build numerous intricate tunnels. This article addresses tunneling techniques and their application in pentesting using as an example Reddish, a hardcore virtual machine (insane difficulty level: 8 out of 10) available on Hack The Box training grounds.
Hack the web! Checking web sites for vulnerabilities and exploiting them
Hacking web sites is one of the most common attack types. This article is dedicated to such attacks and protection against them. I will address the pentesting basics for web applications and explain how to deal with popular web engines using real-life examples.