Firewall Security Testing
Testing firewall and IDS rules is a regular part of penetration testing or security auditing. However, because of the unique complexity involved of different...
Penetration testing
Information Gathering Using Maltego
The first phase in security assessment is to focus on collecting as much information as possible about a target application.
According to OWASP, information...
The art of writing penetration test reports
You close the lid of your laptop; it's been a productive couple of days. There are a few things that could be tightened up, but overall the place isn't doing...
Abusing IP Protocols to Create Covert Channels when Penetration Testing
This article will talk about the maintaining access step in a penetration test. After an attacker has broken into the system and got access, escalated privileges...
Automated Vulnerability Testing with winAUTOPWN
winAUTOPWN is a minimal Interactive Exploit Framework which acts as a frontend for quick systems vulnerability exploitation. It is a collection of remote exploits...
Standards for Penetration Testing
The cost and quality of penetration tests vary wildly between different vendors. As a response to those differences, a group of security professionals have...
Ideal skill set for the penetration testing
Based on questions I've gotten over the years and specifically in class, I've decided that we need to address some basic skills that every penetration tester...