Amateur Security Archaeologists, trying not to break things.

Tag: Cyber (Page 6 of 6)

Roll Your Own Kill Chain

When we conduct penetration tests, we are trying to mimic the actions an actual intruder or attacker would use to gain illicit access or otherwise compromise target systems. Knowing how they attack influences how we plan our penetration test. Most pen testers mimic some version of the Cyber Kill Chain discussed in a previous post. When Jason and I sought to write the Raspberry Pi pentesting update, we took some liberty with the Kill Chain. We crafted a version to suit our needs for penetration testing. We did our best to show how we used different tools to get our Raspberry Pi through the entire operation:


What’s Pen Testing All About?

Most folks are starting to gain familiarity with Hollywood’s interpretation of hacking, if not the real world. Mr. Robot’s ascension and the rapid-fire news cycle have seen a ton of prominent stories bombard the public. You probably get some interesting dinner conversations 😉 Inevitably, the public’s view of hackers as malicious and evil agents, either working for profit or for an adversarial nation-state, has come to dominate the discussion.


5 Best Practices for Running a Pen-Test

Pen-testing can be a daunting task.  Where do I start, what do I test, and what is important are often questions I hear from people starting this adventure for the first time.  This is a common feeling, and one that I felt as well.  I have compiled a list of 5 of my favorite pen-testing best practices that I have observed as well as learned from others.


Setting Up a Web Pen Test Lab

Mike here – I am going to pull some tidbits from the Mastering Kali for Web Pen Test book to help get things rolling – we’ll mix up the content between topics, but I wanted to give you something to chew on 😉

So you are probably asking, "When can we have some pen testing fun?" Let’s just say soon. We have to establish a safe yet representative environment that can provide ripe targets for the various tests we’d like to run. We also want to push the limits without impacting the performance of some real production applications or their underlying systems or supporting networks. Variety is the spice of life, and that holds true in penetration testing as well.
