برچسب: Pentest

Acunetix is a web application security scanner that helps you find and fix vulnerabilities in your web applications, web services, and APIs. It can scan any website or web application that uses HTTP or HTTPS protocol and supports various frameworks, languages, and technologies. Acunetix can detect over 7,000 types of vulnerabilities, including OWASP Top 10, SQL injection, XSS, misconfigurations, exposed databases, and more. It also provides vulnerability assessment and management features, such as severity ratings, remediation guidance, false positive reduction, and integration with development tools. Acunetix is available as an on-premise or cloud solution and can be used by businesses of all sizes to automate web application security testing and ensure long-term protection.

ادامه مطلب

Tenable Nessus is a powerful vulnerability scanner that helps you identify and fix security issues in your network, web applications, cloud infrastructure, and more. With Nessus, you can:

  • Scan your IT assets for thousands of known and emerging vulnerabilities, with low false positives and high accuracy.
  • Audit your systems for compliance with industry standards and best practices, such as PCI DSS, CIS Benchmarks, NIST, and more.
  • Discover and assess your internet-exposed attack surface, including web applications, domains, certificates, and cloud assets.
  • Leverage advanced features such as web application scanning, external attack surface scanning, cloud infrastructure scanning, and custom policies.
ادامه مطلب

This path will cover the essential tasks of web application pen testing, walking through each phase of the methodology as if you are shadowing a live application pen test. The scenario will cover testing through an application, discovering and exploiting vulnerabilities found. In addition, there are many vulnerabilities that a web app pen tester should be able to identify and test for. Don’t miss the specialized courses covering a deep-dive into each of these types of vulnerabilities.

Syllabus

Web App Pen Testing: Reconnaissance

Specialized Testing: Sessions and Tokens

Web App Pen Testing: MappingSpecialized Testing: XSS

Specialized Testing: SQL InjectionSpecialized Testing: CSRF

Specialized Testing: DeserializationSpecialized Testing: API Testing

Specialized Testing: Command Injection

Pluralsight – Web App Pen Testing

ادامه مطلب

This series provides the foundational knowledge needed to ethically and effectively discover and exploit vulnerabilities in systems by assuming both the mindset and toolset of an attacker. Through learning how systems are attacked you will gain an understanding of how best to protect systems and improve your organization’s security

Syllabus

Understanding Ethical Hacking

Reconnaissance/Footprinting

Scanning Networks

Enumeration

Vulnerability Analysis

System Hacking

Malware Threats

Sniffing

Social Engineering

Denial of Service

Session Hijacking

Evading IDS, Firewalls, and Honeypots

Hacking Web Servers

Hacking Web Applications

SQL Injection

Hacking Wireless Networks

Hacking Mobile Platforms

Hacking the Internet of Things (IoT)

Cloud Computing

Cryptography

Penetration Testing

Pluralsight: Ethical Hacking Fundamentals

ادامه مطلب

You’ve heard this story before. Bad actor walks into a network and pillages the place in swift action. CIO asks: “Where did we go wrong?” SysAdmin replies “our password, remote access, workstation restriction, and lack of application safelisting policies. Oh, and our SIEM didn’t notify us. We just weren’t ready for that attack.”

In a significant change from the original course, students will be introduced to Microsoft Azure and Sentinel. Each student will be responsible for deploying a cloud lab that includes an Active Directory domain, a C2 server, and integration with AZ Sentinel’s detection platform. All of this will be taught through a proven framework for purple team operations that results in better business outcomes.

Each student will then pollute the AD domain with garbage using BadBlood and wreak havoc on the environment through an updated iteration of the following labs:

  • Organizational reconnaissance
  • Bloodhound, Sharphound and Neo4j
  • Plumhound
  • Group policy preferences
  • Command and control operations
  • Canary accounts for detecting password sprays and Kerberoasting
  • File share poisoning via URL and LNK files
  • Pass the hash attacks
  • DCSync operations
  • Password cracking with John the Ripper
  • Kerberoasting attacks
  • Atomic Red Team

Applied Purple Teaming w/ Kent Ickler and Jordan Drysdale

ادامه مطلب

In this course, you will learn to reverse engineer. That will allow you to protect intellectual property, find vulnerabilities, and pull apart malware. Join me in making the world a little safer. In the prior courses we learned there are 4 main techniques to secure code: design review, static analysis, manual audit, and dynamic (fuzz) testing. But, once the code is fielded, hackers will begin researching exploits against it. In this course, learn how and why compiled binaries are examined and scoured for weaknesses, and why reversing is also a required malware analysis skill and is sometimes needed for low-level developers working with undocumented APIs. After watching this course you’ll be familiar all of the above and with the popular IDA pro tool and how to use it. Download the IDA pro demo to complete the labs.

Syllabus

Using IDA Pro to Reverse Code

Learning x86 and Calling Conventions

Understanding C-to-Assembly and Compiled Structures

Patching a Compiled Binary

Reversing C++

Extending IDA with Scripts

Pluralsight: Security for Hackers and Developers

ادامه مطلب