Published in System Weakness · Pinned · AV EVASION TECHNIQUES: How to fool the Microsoft Defender and other anti-virus systems. INTRODUCTION: During penetration testing, if you come across a Windows OS, in most cases it will be protected at least by the basic anti-virus system called "Microsoft Defender". … Cybersecurity · 11 min read
Pinned · Solid Metasploit: Penetration testing of the corporate network using Metasploit — INTRODUCTION: During a full penetration test of the corporate network, you will need many tools to accomplish different tasks to find and exploit vulnerabilities. You will usually find yourself in a situation where you have to manage many sessions at once. Imagine a scenario where you compromised 10 hosts and you… Cybersecurity · 19 min read
Published in System Weakness · Pinned · The shades of tunneling: Solution of common pivoting problems during a Penetration Test — During penetration testing, you may encounter a scenario where you want to pivot through one of the compromised hosts to gain access to other systems in the internal network and continue testing. … Cybersecurity · 9 min read
Published in System Weakness · 6 days ago · AppSec Tales VI | 2FA: Application Security Testing of the 2FA form guidelines. INTRODUCTION: This is the sixth article in the AppSec series which describes how to test 2FA forms to ensure a secure authentication process. The advice in this article is based on: OWASP Web Security Testing Guide, OWASP Application Security Verification Standard, NIST recommendations … Cybersecurity · 7 min read
Published in System Weakness · May 2 · AppSec Tales V | Pass Change: Application Security Testing of the Password Change form guidelines. INTRODUCTION: This is the fifth article in the AppSec series which describes how to test Password Change forms to ensure a secure authentication process. The advice in this article is based on: OWASP Web Security Testing Guide, OWASP Application Security Verification Standard … Cybersecurity · 4 min read
Published in System Weakness · Apr 27 · AppSec Tales IV | Email Change: Application Security Testing of the Email Change form guidelines. INTRODUCTION: This is the fourth article in the AppSec series which describes how to test Email Change forms to ensure a secure authentication process. The advice in this article is based on: OWASP Web Security Testing Guide, OWASP Application Security Verification Standard … Cybersecurity · 8 min read
Published in System Weakness · Apr 24 · AppSec Tales III | Password Recovery: Application Security Testing of the Password Recovery form guidelines. INTRODUCTION: This is the third article in the AppSec series which describes how to test Password Recovery forms to ensure a secure authentication process. The advice in this article is based on: OWASP Web Security Testing Guide, OWASP Application Security Verification Standard … Cybersecurity · 7 min read
Published in System Weakness · Apr 20 · AppSec Tales II | Sign-in: Application Security Testing of the Login form guidelines. INTRODUCTION: This is the second article in the AppSec series which describes how to test Login forms to ensure a secure authentication process. The advice in this article is based on: OWASP Web Security Testing Guide, OWASP Application Security Verification Standard, NIST recommendations … Cybersecurity · 9 min read
Apr 15 · RastaLabs guide — HTB: RastaLabs Pro Lab Tips && Tricks. INTRODUCTION: This article does not go step by step through how to complete machines; instead, it focuses on the tools and techniques you should know to complete a Pro Lab. … Cybersecurity · 12 min read
Published in System Weakness · Apr 5 · AppSec Tales I | Sign-up: Application Security Testing of the Register form guidelines. INTRODUCTION: This is the first article in the AppSec series which describes how to test Registration forms to ensure a secure authentication process. The advice in this article is based on: OWASP Web Security Testing Guide, OWASP Application Security Verification Standard, NIST recommendations … Cybersecurity · 9 min read