101 private links
Again a great collection of things worth reading all around bug bounty and pentesting.
This time a video, I haven't watched it completly until now, but I scrolled through the slide deck and think it is worth watching.
When we browse any application that application server fetch data such as images, web pages from different locations on the same server or maybe from a different server on the internet. So to make…
My personal hacklab, create your own. Contribute to johackim/docker-hacklab development by creating an account on GitHub.
The Mobile App Pentest cheat sheet was created to provide concise collection of high value information on specific mobile application penetration testing topics. - tanprathan
This course is a comprehensive overview of web security. The goal is to build an understanding of the most common web attacks and their countermeasures. Given the pervasive insecurity of the modern web landscape, there is a pressing need for programmers and system designers to improve their understanding of web security issues.
We'll be covering the fundamentals as well as the state-of-the-art in web security.
Topics include: Principles of web security, attacks and countermeasures, the browser security model, web app vulnerabilities, injection, denial-of-service, TLS attacks, privacy, fingerprinting, same-origin policy, cross site scripting, authentication, JavaScript security, emerging threats, defense-in-depth, and techniques for writing secure code. Course projects include writing security exploits, defending insecure web apps, and implementing emerging web standards.
Often during pen tests you may obtain a shell without having #tty, yet wish to interact further with the system. Here are some commands which will allow you to spawn a tty shell. Obviously some of this will depend on the system environment and installed packages.
NMAP (Network Mapper) is the de facto open source network scanner used by almost all security professionals to enumerate open ports and find live hosts in a network (and much more really).
Nmap is the most known port scanner, written and maintained by Gordon Lyon (Fyodor).
It can be used for network discovery and for most security enumeration during the initial stages of penetration testing.
Nmap has a multitude of options and when you first start playing with this tool it can be a bit daunting, so today i want to propose a brief cheat-sheet.
The fast, easy, and affordable way to train your hacking skills.