In the previous article, we discussed the importance of manual web services penetration testing, how to perform a manual test using SOA Client, how SOA client helps us in most cases, and what the restrictions are that require us to choose other options.
In this article, we will find the […]
In the previous article, we discussed the automated tools available for testing web services, how to automate web services penetration testing using different automated tools, and also why the automation of web services penetration test is not sufficient and manual testing is needed.
In this article, we will focus on […]
We live in a world where we’re connected to each other by a mouse click and a few keystrokes. It’s a revolution that changed the way we live our lives and run our businesses. It affects us in ways that we had never imagined before.
The internet gave us the […]
Microsoft Windows 7 is much more secure than Microsoft Windows XP. The Windows XP operating system has lots of OS vulnerabilities and the malware infection rate is also very high compared to other operating systems. According to the Microsoft Security Intelligence Report, which details in depth the state of […]
In previous posts, I discussed a few browser extensions for Firefox and Chrome that turn the browser into a penetration testing tool. But what if you could get a browser with all those security extensions built in? Yes, it is true. OWASP Mantra is a web browser that comes […]
In the previous article, we discussed the importance of tools in penetration testing, how automation helps in reducing time and effort, and how to automate web services penetration testing using soapUI Pro.
In this article, we will be focusing on what other options are available to automate web services penetration […]
This is a non-technical guide which will make you familiar with the transport layer. The main purpose of writing this guide is to point out why we need major security implementation on the transport layer. What if the components of this layer get compromised?
In today’s digital world, nearly every […]
The NSA FoxAcid Platform
Security expert Bruce Schneier is one of the most authoritative experts who revealed that the NSA has a wide-ranging arsenal of zero-day exploits to use for cyber operations. The revelation isn’t surprising, the security community is aware of the great effort spent by governments on cyber […]
Are you still looking for a suite of tools that may complete your day-to-day activities, or are you just looking for new tools that you can try or play with? No need to worry, because today is your lucky day! Today, I will be mentioning links, resources, and websites […]
Early this year we witnessed major IT firms suffering from data breaches of one kind or another, and they have come out in the open about the breaches, as well. A couple of examples are Apple and Twitter. It’s going to be costly if the enterprises play according to […]
The denial of service (DOS) attack is one of the most powerful attacks used by hackers to harm a company or organization. Don’t confuse a DOS attack with DOS, the disc operating system developed by Microsoft. This attack is one of most dangerous cyber attacks. It causes service outages […]
In the last few years, we have witnessed a wide range of attacks on the SSL/TLS mechanism. In this article, we will try to cover various attacks that were prominent in the field of cryptography. Transport layer security (TLS) ensures integrity of data transmitted between two parties (server and […]
What is Layer 7?
The process of sending and receiving data from one host to another, data encapsulation, is possible due to the existence of a seven layer protocol suite presented as the OSI model (see diagram 1).
Although while examining DoS attacks, we’ll occasionally refer to various layers of this […]
In this article, I am going to tell you everything about SSL: What it is, why we need it, its technical and non-technical aspects, etc. This article covers the introduction, SSL certificate, encryption, the process of encryption, and how your browser interacts with and trusts that certificate provided by […]
In today’s environment of highly interconnected system necessities, bringing down a system may cause a catastrophic damage to an individual in many ways. Hackers are frequent in the market, making exploit kits that can bring down the whole system. Even a novice in hacking technology can use these exploit […]
Brainpan is a vulnerable virtual machine created by superkojiman. It’s a vulnerable virtual machine with vulnerable services and it’s not intended for production use. It’s designed to gain root access on the machine.
The virtual machine can be downloaded from these links:
Direct download: http://download.vulnhub.com/brainpan/Brainpan.zip
Torrent download: http://download.vulnhub.com/brainpan/Brainpan.zip.torrent
The downloaded ZIP file “brainpan.zip” […]
Hey, it’s me again! I’m back for another article about my favorite mini-computer; the Raspberry Pi. This time I’ll be demonstrating some cool DIY projects that I found on the net, which are very easy to setup and apply. Some require a lot of patience and hardware though. The […]
TCP connect scan
TCP connect is a three-way handshake between the client and the server. If the three-way handshake takes place, then communication has been established.
A client trying to connect to a server on port 80 initializes the connection by sending a TCP packet with the SYN flag set and […]