A backdoor shell can be a PHP, ASP, JSP, etc. piece of code which can be uploaded on a site to gain or retain access
This is part 4 in a series. Part 1 is available here: w3af Tutorial Part 1. Part 2 is available here: Discovery and Audit plugins. Part 3
Testing firewall and IDS rules is a regular part of penetration testing or security auditing. However, because of the unique complexity of different environments,
Authentication or E-authentication (Electronic authentication) is the way, technique, and method to establish a connection between two entities. This connection is based on confidence and
Introduction Ammonite is a Fiddler extension used to scan web applications for common vulnerabilities like verbose and blind SQL injection, OS commanding, local file inclusion,
iPhone forensics can be performed on the backups made by iTunes or directly on the live device. This previous article on iPhone forensics detailed the
For many years, there has been a territorial dispute between China and the Philippines over the Scarborough Shoal (Philippine Term: Panatag Shoal) or Huangyan Island (Chinese
In general, web developers care about some common vulnerabilities in web applications. But there are some dangerous and less known vulnerabilities, which widely exist on
Introduction As logs never lie, it’s very important to aggregate and analyze the internal and external network logs constantly so that companies can prevent breach
Works against Java, AppleUpdate, Google Analytics, Skype, Blackberry and more Introduction We all know that hackers are constantly trying to steal private information by getting
Preview Sharing source code with peers is one thing; sharing secrets over a public medium is another. The all-seeing eye of Google has no mercy,
During penetration testing, the main objective of the auditor is to exploit and gain access. For that to happen, it is required to have some
Web application security is always an important topic to discuss because websites seem to be the first target of malicious hackers. Hackers use websites to
In the previous article w3af walkthrough and tutorial part 2 – Discovery and Audit plugins, we looked at the various discovery and audit plugins used by w3af
Wireless Penetration Testing in my opinion is one of the most fun parts of Ethical Hacking. It incorporates application exploits once you are on the
Nowadays, every organization uses digital data storage and web applications to manage and update data. As internet usage increases, it is important to digitize everything
Armitage is a GUI for Metasploit which makes penetration testing easier. It was developed by Raphael Mudge. This tool helps to reduce the time and
With the significant prevalence of Linux web servers globally, security is often touted as a strength of the platform for such a purpose. However, a
Web Application Security: A Beginner’s Guide provides IT professionals with an actionable, rock-solid foundation in Web application security–from a complete overview of the tools and
During vulnerability assessment or penetration testing, identifying the input vectors of the target application is a primordial step. Sometimes, when dealing with Web application testing,
Web application security is a serious and important topic to discuss nowadays, since hacking attacks are common. There are hundreds and thousands of tutorials
1) Mexican Drug Gangs Kidnap Computer Hackers and Programmers Mexican drug trafficking organizations are increasingly demonstrating a desire to make money from cyber-crime, attracted by
DarkComet used in Syrian Conflict? On February 17th, CNN published an interesting article in which some opponents of the Syrian regime claimed that the government was using
Jynx2 is the second installment in the LD_Preload Jynx Rootkit series first released October 19, 2011 at blackhatacademy.org. See references for earlier versions and additional information. Features: Hooks
Web based interfaces are convenient for managing networking equipment, but under no circumstances should these be open to the world and the internet. Many networks
In the previous article w3af walkthrough and tutorial Part 1 we looked at how to use the w3af console. We also learnt about the different
Clickjacking is one of the most used attacks by spammers on Facebook. Almost every month, we face a new type of clickjacking attack on
In this paper we will talk about a non-common vector of SQL injections. This
Translating layer 2 local addresses to layer 3 globally routable addresses is the sole responsibility of the Address Resolution Protocol. ARP spoofing is a fun
Metasploit is a wonderful tool containing several exploits, giving the user an array of possibilities for penetration testing. It was designed to help the pen
Web Application vulnerabilities in social networking sites are very common these days. In this article, we will discuss a vulnerability found in social networking sites
w3af (Web Application audit and attack framework) is a framework for auditing and exploitation of web applications. In this series of articles we will be
We like to read the latest and greatest security books, and sometimes the author and/or publisher is generous enough to share an extended with us –
Introduction In the second installment of this series, we discussed one of the most prevalent attacks to applications: SQL Injection. The previous discussion introduced the
The pcAnywhere source code leaked out onto the internet late January 2012 includes 47,021 files weighing in at 1.3GB. The October 2006 snapshot provides an
With the advancement of technology in the field of computers, the requirement for hybrid setups has also escalated. Nowadays every company is using a heterogeneous
Phishing is a popular and successful way of gaining authentication data for many different online services. It is the main method of compromising Gmail, Facebook,
Introduction There are multiple intercepting proxy tools available and Burp Suite is one of the best tools available for interception. If you are not yet
DNS is a naming system which converts human-readable domain names into computer-readable IP addresses. Whenever there is a query for a domain which
WordPress is one of the best and most popular content management systems (CMS) among bloggers and there are a lot of bloggers using WordPress as