HackDig : Dig high-quality web security articles for hacker

Phishing – Ask and ye shall receive

During penetration tests, our primary goal is to identify the difference in paths that can be used to obtain the goal(s) as agreed upon with our customers. This often succeeds due to insufficient hardening, lack of awareness or poor password hygiene. Sometimes we do get access to a resource, but do not have access to the username or password of the user that
Publish At:2019-09-19 23:30 | Read:304 | Comments:0 | Tags:audits Blog pentest Uncategorized

Your trust, our signature

Written and researched by Mark Bregman and Rindert Kramer Sending signed phishing emails Every organisation, whatever its size, will encounter phishing emails sooner or later. While the number of phishing attacks is increasing every day, the way in which phishing is used within a cyber-attack has not changed: an attacker comes up with a scenario which looks
Publish At:2019-09-19 23:30 | Read:626 | Comments:0 | Tags:audits Blog pentest Uncategorized email hacking phishing

Syncing yourself to Global Administrator in Azure Active Directory

This blog describes a vulnerability discovered by Fox-IT last year in Azure AD Connect, which would allow anyone with account creation privileges in the on-premise Active Directory directory to modify the password of any cloud-only account in Azure AD. Because of the way accounts are commonly configured, this could often enable an attacker to take over the h
Publish At:2019-09-19 23:30 | Read:464 | Comments:0 | Tags:Blog pentest

Post #WannaCry Reaction #127: Do I Need a Pen Test?

By Daniel MiesslerIn the wake of WannaCry and other recent events, everyone from the Department of Homeland Security to my grandmother are recommending penetration tests as a silver bullet to prevent falling victim to the next cyber attack. But a penetration test is not a silver bullet, nor is it universally what is needed for improving the security po
Publish At:2017-05-20 01:45 | Read:3128 | Comments:0 | Tags:#WannaCry cyber attack daniel meissler ioactive penetration

SecureLayer7 Gratis PenTest Summer 2017

Overview Under the Gratis Pentest 2016, we have evaluated security postures of two open source applications i.e. Refinery CMS, PageKit CMS. We perform the penetration testing for the deserving Open Source Application as SecureLayer7’s contribution to Open Source Community. We allocate two or three days full time from our working hours, to yield a numbe
Publish At:2017-02-26 04:25 | Read:2554 | Comments:0 | Tags:News penetration testing pentest

PageKit Open Source CMS Penetration Test

Overview Under the SecureLayer7’s Gratis Pentest Summer 2016, our consultant “Saurabh Banawar” have performed the 2 days penetration testing on the PageKit open source CMS application. Following vulnerabilities Saurabh have found during the penetration testing. Vertical/Horizontal Authentication Bypass or Password Reset Vulnerability (Crit
Publish At:2017-01-31 19:45 | Read:2533 | Comments:0 | Tags:Knowledge-base SecureLayer7 Services penetration testing pen

Pentest Toolbox Additions 2016

I’ve added some handy tools to my pentest toolbox this year. You’ll find a short description of each with links to more information below. Whether red or blue team, you’ll want to know what these tools can do.Password SprayingPassword spraying is guessing a few passwords against a large list of users in order to avoid account lockout. You w
Publish At:2016-11-08 16:05 | Read:4027 | Comments:0 | Tags:Featured Articles IT Security and Data Protection Blue Team

Some Notes on Utilizing Telco Networks for Penetration Tests

After a couple of years in pentesting Telco Networks, I’d like to give you some insight into our pentesting methodology and setup we are using for testing “Mobile and Telecommunication Devices”. I am not talking about pentesting professional providers’ equipment (as in previous blogposts), it is about pentesting of devices that have a
Publish At:2016-05-25 14:40 | Read:3619 | Comments:0 | Tags:Security Tools 2G gsm IoT pentest sms Telco

The iOS Get out of Jail Free Card

By Michael Allen @_Dark_Knight_If you haveever been part of a Red Team engagement, you will be familiar with the “Get outof Jail Free Card". In a nutshell, it’s a signed document giving youpermission to perform the activity you were caught doing. In some instances,it’s the difference between walking away and spending the night in a jail ce
Publish At:2015-09-16 00:30 | Read:4094 | Comments:0 | Tags:hacking iOS iOS hacking michael allen mobile apps mobile hac

Saving Polar Bears When Banner Grabbing

As most of us know, the Earth’s CO2 levels keep rising, which directly contributesto the melting of our pale blue dot’s icecaps. This is slowly but surely makingit harder for our beloved polar bears to keep on living. So, it’s time for usinformation security professionals to help do our part. As we all know, everypacket traveling over the
Publish At:2015-07-30 10:25 | Read:9025 | Comments:0 | Tags:hacking ioactive labs tools penetration testing pentest port

PwC chooses ImmuniWeb for vulnerability and penetration testing

PwC chooses ImmuniWeb for vulnerability and penetration testing Posted by Kevin on July 14, 2015.PCI DSS mandates at least annual vulnerability scanning and penetration testing. But there are well known problems with both. Vulnerability scanning on its own is not ultimately enough; and
Publish At:2015-07-14 23:15 | Read:3437 | Comments:0 | Tags:News News_cloud News_vulnerabilities ImmuniWeb pentest vulne

The Evil CVE: CVE-666-666 – “Report Not Read”

I had an interesting discussion with a friend this morning. He explained that, when he is conducting a pentest, he does not hesitate to add sometimes in his report a specific finding regarding the lack of attention given to the previous reports. If some companies are motivated by good intentions and ask for regular pentests against their infrastructure or a
Publish At:2015-02-27 00:45 | Read:3004 | Comments:0 | Tags:Pentesting Security CVE Pentest Report

My Little Pwnie Box

As a pentester, I’m always trying to find new gadgetstools to improve my toolbox. A few weeks ago, I received my copy of Dr Philip Polstra’s book: “Hacking and Penetration Testing with Low Power Devices” (ISBN: 978-0-12-800751-8). I had a very interesting chat with Phil during the last BruCON edition and I was impressed by his “
Publish At:2015-02-19 19:30 | Read:4961 | Comments:0 | Tags:Hardware Pentesting Security Beagle Beaglebone Pentest The D

Weekly Metasploit Wrapup: SQL Server Privileges, Templating New Modules

Microsoft SQL Server Pen-Tester Pro TipThis week, we've landed a trio of fun and interesting modules from long-time Metasploit community contributor Scott nullbind Sutherland which automate up a couple Pro Tips on what to do when you've scored a login on a Microsoft SQL Server during a penetration test. One of these is a method to escalate the privileges of
Publish At:2014-11-14 13:50 | Read:3650 | Comments:0 | Tags:udp mssql database pentest templates weekly-wrapup

A Quick Peek at Network Injection

Like many of you, I’ve been looking at the various NSA document leaks to see what kind of tools and techniques are being used. I suppose these releases will give cybercriminals new ideas and we will see some of these put to nefarious use sooner than later. This particular article was very interesting, especially the concept of network injectors. I
Publish At:2014-08-21 09:00 | Read:8013 | Comments:0 | Tags:Pentest Tools inject intercept network injection poc


Share high-quality web security related articles with you:)


Tag Cloud