I think, were I to be a professional, that web apps would be a significant focus. I don’t have the stones to be a Social Engineering specialist, lack the in-depth OS knowledge to be a malware author, and I haven’t done digital design since vacuum tubes were in vogue (just a slight exaggeration – but I have used those and mag amps!). Web app hacking and pen testing have a fairly low cost of entry – some of the folks I follow show hacks with a browser and their wits. Looking at all of the things that a browser can do, it is no wonder why!
Author: Mike (Page 14 of 15)
Most folks are starting to gain familiarity with Hollywood’s interpretation of hacking, if not the real world. Mr. Robot’s ascension and the rapid-fire news cycle have seen a ton of prominent stories bombard the public. You probably get some interesting dinner conversations 😉 Inevitably, the public’s view of hackers as malicious and evil agents, either working for profit or for an adversarial nation-state, has come to dominate the discussion.
Pen-testing can be a daunting task. Where do I start, what do I test, and what is important are often questions I hear from people starting this adventure for the first time. This is a common feeling, and one that I felt as well. I have compiled a list of 5 of my favorite pen-testing best practices that I have observed as well as learned from others.
Hello folks! I am often asked about CCIE Security preparation. As a disclaimer, you should know I took the “Latin” version of the exam with Blueprint version 4 (ISE 1.1, legacy IPS, pre-8.2 ASA code, and absolutely nothing cool like Firepower or AMP), so with the release of version 5, things have certainly become much more relevant. That being said, a lot of the prep resources remain the same. I have started re-using the same base email and scrubbed it for aged-out links (believe it or not I used to have more). I hope this helps someone.
Mike here – I am going to pull some tidbits from the Mastering Kali for Web Pen Test book to help get things rolling – we’ll mix up the content between topics, but I wanted to give you something to chew on 😉
So you are probably asking, When can we have some pen testing fun? Let’s just say soon. We have to establish a safe yet representative environment that can provide ripe targets for the various tests we’d like to run. We also want to push the limits without impacting the performance of some real production applications or their underlying systems or supporting networks. As variety is the spice of life, it also holds true in penetration testing.