Apr 17 2023

Lynis – Open Source Security Auditing & Pentesting Tool – 2023

Category: Pen Test,Security ToolsDISC @ 8:50 am

Lynis is an open source security auditing tool. Its main goal is to audit and harden Unix and Linux based systems. It scans the system by performing many security control checks. Examples include searching for installed software and determine possible configuration flaws.

Many tests are part of common security guidelines and standards, with on top additional security tests. After the scan, a report will be displayed with all discovered findings. To provide you with initial guidance, a link is shared with the related Lynis control.

Lynis is one of the most trusted automated auditing tool for software patch management, malware scanning and vulnerability detecting in Unix/Linux based systems. This tool is useful for auditorsnetwork and system administratorssecurity specialists and penetration testers.

Intended audience:

Lynis assists auditors in performing Basel II, GLBA, HIPAA, PCI DSS and SOX (Sarbanes-Oxley) compliance audits.

Security specialists, Penetration Testers, System auditors, System/network managers, Security Engineers.

Lynis is compatible with many Operating Systems, such as:

  • AIX
  • Arch Linux
  • BackTrack Linux
  • CentOS
  • Debian, DragonFlyBSD
  • Fedora Core, FreeBSD
  • Gentoo
  • HPUX
  • Kali, Knoppix
  • Linux Mint
  • MacOS X, Mageia, Mandriva
  • NetBSD
  • OpenBSD, OpenSolaris, openSUSE, Oracle Linux
  • PcBSD, PCLinuxOS
  • Red Hat Enterprise Linux (RHEL) and derivatives
  • Sabayon, Scientific Linux, Slackware, Solaris 10, SuSE
  • TrueOS
  • Ubuntu and derivatives

Lynis can also be auditing software such as :

  • Database servers: MySQL, Oracle, PostgreSQL
  • Time daemons: dntpd, ntpd, timed
  • Web servers: Apache, Nginx

Once lynis starts scanning your system, it will perform auditing in a number of categories:

  • System tools: system binaries
  • Boot and services: boot loaders, startup services
  • Kernel: run level, loaded modules, kernel configuration, core dumps
  • Memory and processes: zombie processes, IO waiting processes
  • Users, groups and authentication: group IDs, sudoers, PAM configuration, password aging, default mask
  • Shells
  • File systems: mount points, /tmp files, root file system
  • Storage: usb-storage, firewire ohci
  • NFS
  • Software: name services: DNS search domain, BIND
  • Ports and packages: vulnerable/upgradable packages, security repository
  • Networking: nameservers, promiscuous interfaces, connections
  • Printers and spools: cups configuration
  • Software: e-mail and messaging
  • Software: firewalls: iptables, pf
  • Software: webserver: Apache, nginx
  • SSH support: SSH configuration
  • SNMP support
  • Databases: MySQL root password
  • LDAP services
  • Software: php: php options
  • Squid support
  • Logging and files: Syslog daemon, log directories
  • Insecure services: inetd
  • Banners and identification
  • Scheduled tasks: crontab/cronjob, atd
  • Accounting: sysstat data, auditd
  • Time and synchronization: ntp daemon
  • Cryptography: SSL certificate expiration
  • Virtualization
  • Security frameworks: AppArmor, SELinux, security status
  • Software: file integrity
  • Software: malware scanners
  • Home directories: shell history files

How Lynis works:

In this Kali Linux Tutorial , To run it for the first time, it is recommended to use -c paramater. -c parameter means doing all tests to check the systems. If you want to put the Auditor name, just add –auditor parameter there. Here’s some

Download and Install the Lynis from GitHub 

git clone https://github.com/CISOfy/lynis

$ cd lynis-2.7.3
# ./lynis

samples output :

Once Installed then Start with Auditor or Pentester name .

# lynis -c –auditor “BALAJI”

Figure 1. Initialize

Lynis – Open source security auditing tool

Figure 2. System Tools

Lynis – Open source security auditing tool

Figure 3. Boot & Services and Kernel

Lynis – Open source security auditing tool

Figure 4. Users and Group

Lynis – Open source security auditing tool

Figure 5. Shell and storage

Lynis – Open source security auditing tool

Figure 6. Software, Ports and Packages

6

Figure 7. Networking and Printer

7

Figure 8. Email, Firewalls and Web Server

8

Figure 9. SSH, SNMP and Databases

Lynis – Open source security auditing tool

Figure 10. PHP, Squid Proxy and Logging

10

Figure 11. Inetd, Banner and Cron

11

Figure 12. Accounting, NTP and Cryptography

12

Figure 13. Virtualization, Security Frameworks and File Integrity

13

Figure 14. Malware Scanners, System Tool and Home directory

14

Figure 15. Kernel Hardening

15

Figure 16. Hardening, Custom Tests and Result

lynis_16_hardening_customtests_result

Figure 17. Hardening Index

17

Run Lynis with Custom Tests

Your system may not need to run all the tests. If your server not running a web server, you don’t need to test it. For this purpose, we can use –tests parameter. The syntax is :

# lynis –tests “Test-IDs”

there are more than 100 tests that we can do. Here are some list of Lynis Tests-ID.

  • FILE-7502 (Check all system binaries)
  • BOOT-5121 (Check for GRUB boot loader presence).
  • BOOT-5139 (Check for LILO boot loader presence)
  • BOOT-5142 (Check SPARC Improved boot loader (SILO))
  • BOOT-5155 (Check for YABOOT boot loader configuration file)
  • BOOT-5159 (Check for OpenBSD i386 boot loader presence)
  • BOOT-5165 (Check for FreeBSD boot services)
  • BOOT-5177 (Check for Linux boot and running services)
  • BOOT-5180 (Check for Linux boot services (Debian style))
  • BOOT-5184 (Check permissions for boot files/scripts)
  • BOOT-5202 (Check uptime of system)
  • KRNL-5677 (Check CPU options and support)
  • KRNL-5695 (Determine Linux kernel version and release number)
  • KRNL-5723 (Determining if Linux kernel is monolithic)
  • KRNL-5726 (Checking Linux loaded kernel modules)
  • KRNL-5728 (Checking Linux kernel config)
  • KRNL-5745 (Checking FreeBSD loaded kernel modules)
  • [04:57:04] Reason to skip: Test not in list of tests to perform
  • KRNL-5770 (Checking active kernel modules)
  • KRNL-5788 (Checking availability new kernel)
  • KRNL-5820 (Checking core dumps configuration)

Below is a sample command to run Check uptime of system and Checking core dumps configuration tests. If you want to add more tests, just add more Test-ID separated by space.

# ./lynis –tests “BOOT-5202 KRNL-5820”

111111

To get more Tests-IDs, you can find it inside /var/log/lynis.log. Here’s a trick how to do it.

1. First, we need to run lynis with -c (check-all) parameter.

# ./lynis -c -Q

2. Then look at inside /var/log/lynis.log file. Use cat command and combine it with grep. Let say you want to search Test-ID which related to Kernel. Use keyword KRNL to find it.

# cat /var/log/lynis.log | grep KRNL

2222

Below is a complete keywords of Test-IDs that available in Lynis.

BOOT
KRNL (kernel)
PROC (processor)
AUTH (authentication)
SHLL (shell)
FILE
STRG (storage)
NAME (dns)
PKGS (packaging)
NETW (network)
PRNT (printer)
MAIL
FIRE (firewall)
HTTP (webserver)
SSH
SNMP
DBS (database)
PHP
LDAP
SQD (squid proxy)
LOGG (logging)
INSE (insecure services – inetd)
SCHD (scheduling – cron job)
ACCT (accounting)
TIME (time protocol – NTP)
CRYP (cryptography)
VIRT (virtualization)
MACF (AppArmor – SELINUX)
MALW (malware)
HOME
HRDN (hardening)

Run lynis with categories

If you feel that put a lot of Test-IDs is painful, you can use –test-category parameter. With this option, Lynis will run Test-IDs which are included inside a specific category. For example, you want to run Firewall and Kernel tests. Then you can do this :

# ./lynis –tests-category “firewalls kernel”

3333

Run Lynis as Cronjob

Since security needs consistency, you can automate Lynis to run periodically. Let’s say you want to run it every month to see if there is any improvement since the last Lynis run. To do this, we can run Lynis as a cronjob. Here’s a sample cronjob to run it every month.

#!/bin/sh

AUDITOR=”automated”
DATE=$(date +%Y%m%d)
HOST=$(hostname)
LOG_DIR=”/var/log/lynis”
REPORT=”$LOG_DIR/report-${HOST}.${DATE}”
DATA=”$LOG_DIR/report-data-${HOST}.${DATE}.txt”

cd /usr/local/lynis
./lynis -c –auditor “${AUDITOR}” –cronjob > ${REPORT}

mv /var/log/lynis-report.dat ${DATA}

# End

Save the script into /etc/cron.monthly/lynis. Don’t forget to add related paths (/usr/local/lynis and /var/log/lynis), otherwise the script will not work properly.


InfoSec Threats
 | InfoSec books | InfoSec tools | InfoSec services

Tags: Lynis, Open source security


Mar 02 2023

10 Best Penetration Testing tools

Category: Pen Test,Security ToolsDISC @ 3:15 pm
Penetration Testing

Best Penetration Testing tools

Penetration testing, also known as pen testing, is a process of assessing the security of a computer system or network by simulating an attack from a malicious outsider or insider. The goal is to identify vulnerabilities and weaknesses that can be exploited by attackers to gain unauthorized access to the system.

There are many penetration testing tools available that can help security professionals and ethical hackers to perform effective tests. Here are some of the best penetration testing tools:

  1. Metasploit Framework: It is an open-source penetration testing framework that provides a range of exploits, payloads, and auxiliary modules. It is widely used by penetration testers and security professionals to identify vulnerabilities and exploit them.
  2. Nmap: It is a network exploration and security auditing tool that can be used to scan networks and identify hosts, ports, and services. It can also be used to detect operating systems and versions.
  3. Wireshark: It is a network protocol analyzer that allows you to capture and analyze network traffic. It can be used to detect and analyze network attacks and vulnerabilities.
  4. Burp Suite: It is an integrated platform for performing web application security testing. It includes a proxy server, a scanner, a spider, and other tools that can be used to identify vulnerabilities in web applications.
  5. Aircrack-ng: It is a suite of tools that can be used to crack wireless network passwords. It includes tools for capturing and analyzing network traffic, as well as tools for cracking encryption keys.
  6. John the Ripper: It is a password cracking tool that can be used to test the strength of passwords. It can be used to crack passwords for a range of operating systems and applications.
  7. SQLmap: It is an open-source penetration testing tool that can be used to test the security of SQL-based web applications. It can be used to detect and exploit SQL injection vulnerabilities.
  8. Hydra: It is a password cracking tool that can be used to test the strength of passwords for a range of protocols, including HTTP, FTP, and Telnet.
  9. Nessus: It is a vulnerability scanner that can be used to scan networks and identify vulnerabilities. It can also be used to generate reports and prioritize vulnerabilities based on their severity.
  10. OWASP Zap: The world’s most popular free web security tool, actively maintained by a dedicated international team of volunteers.
  11. Kali Linux: It is a Linux distribution that is specifically designed for penetration testing and ethical hacking. It includes a range of tools for network analysis, vulnerability testing, password cracking, and more.

Latest Pen Testing Titles

Cobalt’s Pentest as a Service (PtaaS) platform, coupled with an exclusive community of testers, delivers the real-time insights you need to remediate risk quickly and innovate securely.

Previous Pen Testing Posts

We’d love to hear from you! If you have any questions, comments, or feedback, please don’t hesitate to contact us. Our team is here to help and we’re always looking for ways to improve our services. You can reach us by email (info@deurainfosec.com), or through our website’s contact form.

InfoSec Threats | InfoSec books | InfoSec tools | InfoSec services

Tags: Penetration Testing tools


Feb 09 2023

API Penetration Testing Checklist

Category: API security,Pen TestDISC @ 3:10 pm

API security is an undervalued but crucial aspect of information security. Some of the most common cyber attacks exploit APIs and web applications, and if organisations are to stay secure, they must test their systems to identify and eradicate weaknesses.

Organisations can achieve this with API penetration tests. An ethical hacker (or ‘penetration tester’) will examine your applications using the same techniques that a cyber criminal would use. This gives you a real-world insight into the way someone might compromise your systems.

Web application and API tests look specifically at security vulnerabilities introduced during the development or implementation of software or websites. There is no single checklist of how exactly the test should be conducted, but there are general guidelines.

Benefits of API penetration testing

The primary purpose of an API penetration test is to protect your organisation from data breaches. This is crucial given the increased risk of cyber attacks in recent years; according to a UK government report, 39% of surveyed organisations said they suffered a security breach in the past year.

By conducting an API penetration test, you will gain a real-world overview of one of the biggest security threats that organisations face. The tester will use their experience to provide guidance on specific risks and advise you on how to address them.

But penetration tests aren’t only about closing security vulnerabilities. Mitigating the risk of security incidents has several other benefits. For instance, you protect brand loyalty and corporate image by reducing the likelihood of a costly and potentially embarrassing incident.

Penetration testing also helps you demonstrate to clients and potential partners that you take cyber security seriously. This gives you a competitive advantage and could help you land higher-value contracts.

Perhaps most notably, penetration testing is a requirement for several laws and regulations. Article 32 of the GDPR (General Data Protection Regulation), for example, mandates that organisations regularly test and evaluate the effectiveness of their technical and organisational measures employed to protect personal data.

Likewise, if your organisation is subject to the PCI DSS (Payment Card Industry Data Security Standard), you must conduct external penetration tests at least once per year and after any significant changes are made to your systems.

API penetration testing checklist

IT Governance has its own proprietary checklist when conducting API and web application penetration tests.

The system is modelled on the OSSTMM (Open Source Security Testing Methodology Manual) and the OWASP (Open Web Application Security Project) methodologies.

A high-level overview of our process is outlined below, with a brief description of what is assessed during each section.

1. Authentication

The penetration tester ensures that appropriate mechanisms are in place to confirm a user’s identity. They then review how the authentication process works, using that information to circumvent the authentication mechanism.

2. Authorisation

The tester verifies that access to resources is provided only to those permitted to use them.

Once roles and privileges are understood, the tester attempts to bypass the authorisation schema, finding path-traversal vulnerabilities and ways to escalate the privileges assigned to the tester’s user role.

3. Session management

The tester ensures that effective session management configurations are implemented. This broadly covers anything from how user authentication is performed to what happens when logging out.

4. Input validation and sanitisation

The tester checks that the application appropriately validates and sanitises all input from the user or the environment before using it.

This includes checking common input validation vulnerabilities such as cross-site scripting and SQL injection, as well as other checks such as file uploads, antivirus detection and file download weaknesses.

5. Server configuration

The tester analyses the deployed configuration of the server that hosts the web application. They then verify that the application server has gone through an appropriate hardening process.

6. Encryption

The tester assesses encryption security around the transmission of communication. This includes checking for common weaknesses in SSL/TLS configurations and verifying that all sensitive data is being securely transferred.

7. Information leakage

The tester reviews the application configuration to ensure that information is not being leaked.

This is assessed by reviewing configurations and examining how the application communicates to discover any information disclosure that could cause a security risk.

8. Application workflow

The tester determines whether the application processes and workflows can be bypassed.

Tests are conducted to ensure that application workflows cannot be bypassed by either tampering with the parameters or forcefully browsing. This ensures the integrity of the data.

9. Application logic

The tester analyses how the application uses, stores and maintains data. They do this by checking the underlying technology and any mitigating controls that may affect the risk to the application.

10. Report

The tester documents their findings. Their reports contains an executive summary, which provides a high-level, non-technical summary of any identified vulnerabilities, alongside a summary of the organisation’s business risks and an overall risk rating.

It also contains a comprehensive review of testing details, such as the scope of the assessment, descriptions of the vulnerabilities identified and their impact, plus proofs of concept that support the findings.

Finally, the report provides the tester’s commentary, where they discuss the issues identified and how the vulnerabilities could be linked within an attack chain. This is supplemented with remediation advice and supporting references.

Pen testing Resources

Tags: API Penetration Testing Checklist


Feb 06 2023

75 Best Android Penetration Testing Tools – 2023

Category: Pen Test,Security ToolsDISC @ 10:56 am

Android penetration testing tools are more often used by security industries to test the vulnerabilities in Android applications.

Here you can find the Comprehensive mobile penetration testing tools and resource list that covers Performing Penetration testing Operations in Android Mobiles.

Android is the biggest organized base of any mobile platform and developing fast—every day. Besides, Android is rising as the most extended operating system in this viewpoint because of different reasons.

Android Security Penetration Testing Tools

Online Analyzers

Following are the online analyzers used to pentest the android applications.

ApprayDynamic Analysis Tools for Android and iOS Applications
NowsecureComplete Mobile Security Testing tool for Android & iOS Tools
AppKnoxEfficient Security Testing Tools for Mobile Apps

Static Analysis Tools

AndrowarnDetects and warn the user about potential malicious behaviors developed by an Android application
ApkAnalyserVirtual Analysis Tools for Android Applications
APKInspectorGUI-based Security Analysis
DroidLegacyPentesting Kit
FlowDroidStatic Analysis Tool
Android DecompilerProfessional Reverse Engineering Toolkit
PSCoutA tool that extracts the permission specification from the Android OS source code using static analysis
Amandroidstatic analysis framework
SmaliSCASmali Static Code Analysis
CFGScanDroidScans and compares CFG against CFG of malicious applications
Madrolyzerextracts actionable data like C&C, phone number etc.
SPARTAverifies (proves) that an app satisfies an information-flow security policy; built on the Checker Framework
ConDroidPerforms a combination of symbolic + concrete execution of the app
DroidRAVirtual Analysis
RiskInDroidA tool for calculating the risk of Android apps based on their permissions, with an online demo available.
SUPERSecure, Unified, Powerful, and Extensible Rust Android Analyzer
ClassySharkStandalone binary inspection tool which can browse any Android executable and show important info.

Mobile App Vulnerability Scanner Tools

QARKQARK by LinkedIn is for app developers to scan app for security issues
AndroBugsAndroid vulnerability analysis system
NogotofailNetwork security testing tool
DevknoxAutocorrect Android Security issues as if it was spell check from your IDE
JAADASJoint intraprocedural and inter-procedure program analysis tool to find vulnerabilities in Android apps, built on Soot and Scala

Dynamic Analysis Tools

Androl4bA Virtual Machine For Assessing Android applications, Reverse Engineering and Malware Analysis
Android Malware Analysis Toolkit(Linux distro) Earlier it use to be an online analyzer
Mobile-Security-Framework MobSFMobile Security Framework is an intelligent, all-in-one open-source mobile application (Android/iOS) automated pen-testing framework capable of performing static, dynamic analysis, and web API testing.
AppUsecustom build for pentesting
Cobradroidcustom image for malware analysis
Xposedequivalent of doing Stub based code injection but without any modifications to the binary
InspeckageAndroid Package Inspector – dynamic analysis with api hooks, start unexported activities and more. (Xposed Module)
Android HookerDynamic Java code instrumentation (requires the Substrate Framework)
ProbeDroid Dynamic Java code instrumentation
Android Tamer Virtual / Live Platform for Android Security Professionals
DECAF Dynamic Executable Code Analysis Framework based on QEMU (DroidScope is now an extension to DECAF)
CuckooDroid Android extension for Cuckoo sandbox
Mem Memory analysis of Android Security (root required)
AuditdAndroid Android port of auditd, not under active development anymore
AurasiumPractical security policy enforcement for Android apps via bytecode rewriting and in-place reference monitor.
Appie Appie is a software package that has been pre-configured to function as an Android Pentesting Environment.It is completely portable and can be carried on USB stick or smartphone.This is a one-stop answer for all the tools needed in Android Application Security Assessment and an awesome alternative to existing virtual machines.
StaDynA A system supporting security app analysis in the presence of dynamic code update features (dynamic class loading and reflection). This tool combines static and dynamic analysis of Android applications in order to reveal the hidden/updated behavior and extend static analysis results with this information.
Vezir Project Virtual Machine for Mobile Application Pentesting and Mobile Malware Analysis
MARA Mobile Application Reverse engineering and Analysis Framework
Taintdroid Requires AOSP compilation

Reverse Engineering

Smali/Baksmali apk decompilation
Androguard powerful, integrates well with other tools
Apktool really useful for compilation/decompilation (uses smali)
Android OpenDebugmake any application on device debuggable (using cydia substrate)
Dare .dex to .class converter
Dex2Jar dex to jar converter
Enjarify dex to jar converter from Google
Frida Inject javascript to explore applications and a GUI tool for it
Indroidthread injection kit
Jad Java decompiler
JD-GUIJava decompiler
CFRJava decompiler
KrakatauJava decompiler
ProcyonJava decompiler
FernFlowerJava decompiler
Redexerapk manipulation

Fuzz Testing

IntentFuzzer
Radamsa Fuzzer
Honggfuzz
An Android port of the melkor ELF fuzzer
Media Fuzzing Framework for Android
AndroFuzz

App Repackaging Detectors

FSquaDRAAndroid Security tool for detection of repackaged Android applications based on app resources hash comparison.

Market Crawlers

Google play crawler (Java) searching android applications on GooglePlay,
Google play crawler (Python) browse and download Android apps from Google Play
Google play crawler (Node) get app details and download apps from official Google Play Store
Aptoide downloader (Node) download apps from Aptoide third-party Android market
Appland downloader (Node)download apps from Appland third-party Android market

Misc Tools

smalihookDecompiler
APK-DownloaderDownloader
AXMLPrinter2to convert binary XML files to human-readable XML files
adb autocompleteRepo Downloader
Dalvik opcodesRegistry
Opcodes table for quick referenceRegistry
ExploitMe Android Labsfor practice
GoatDroid for practice
mitmproxyintercepting proxy 
dockerfile/androguardshell environment
Android Vulnerability Test Suite android-vts scans a device for set of vulnerabilities
AppMonAppMon is an automated framework for monitoring and tampering system API calls of native macOS, iOS and android apps. It is based on Frida.

ANDROID SECURITY BOOK: 10 Simple Ways Billionaires Secure Their Android Devices

Checkout our previous posts on “Security Tools”

Computer Forensics

Building a Cybersecurity Toolkit

InfoSec Threats | InfoSec books | InfoSec tools | InfoSec services

Tags: Android Penetration Testing Tools, Android security, Pen testing, Security professionals


Jan 26 2023

Cloud Pentesting Cheatsheet

Category: Cheat Sheet,Cloud computing,Pen TestDISC @ 12:09 pm

Cloud Pentesting for Noobs. An introduction to peneration testing… | by Jon  Helmus | Medium

Checkout our previous posts on Cheat Sheet

InfoSec books | InfoSec tools | InfoSec services

Tags: cheat sheet, Cloud Pentesting


Jan 18 2023

Wireless Penetration Testing Checklist – A Detailed Cheat Sheet

Category: Cheat Sheet,Pen Test,Wi-Fi SecurityDISC @ 4:13 pm

Wireless Penetration testing actively examines the process of Information security Measures which is Placed in WiFi Networks and also analyses the Weakness, technical flows, and Critical wireless Vulnerabilities.

The most important countermeasures we should focus on are Threat  Assessment, Data theft Detection, security control auditing, Risk prevention and Detection, information system Management, and Upgrade infrastructure and a Detailed report should be prepared.What is Wireless Penetration Testing?

Wireless Penetration Testing is aimed to test wireless infrastructure to find vulnerabilities in the network. Testing involves both manual testing techniques and automated scans to simulate a real-world attack and identify risks.Why is wireless penetration testing important?

Usage of Wi-Fi access dramatically increased nowadays, and the quality of Wi-Fi security is in question. By using Wi-Fi access thousands of transaction processing every minute.
If the network is vulnerable it allows hackers to launch various attacks and intercept the data.

Common Wireless Network Vulnerabilities

  • Deployment of Vulnerable WEP Protocol
  • Man-in-the-Middle Attacks
  • Default SSIDs and Passwords
  • Misconfigured Firewalls
  • WPA2 Krack Vulnerability
  • NetSpectre – Remote Spectre Exploit
  • Warshipping
  • Packet Sniffing
  • Warshipping

Wireless Penetration Testing Checklist

Let’s take a detailed look at the Wireless Penetration Testing Checklist and the steps to be followed.

Framework for Wireless Penetration Testing

  1. Discover the Devices connected with  Wireless Networks.
  2. Document all the findings if Wireless Device is Found.
  3. If a wireless Device is found using Wifi Networks, then perform common wifi Attacks and check the devices using WEP Encryption.
  4. If you found WLAN using WEP Encryption then Perform WEP Encryption Pentesting.
  5. Check whether WLAN Using WPA/WPA2 Encryption. If yes then perform WPA/WPA2 pen-testing.
  6. Check Whether WLAN using LEAP Encryption. If yes then perform LEAP Pentesting.
  7. No other Encryption Method was used which I mentioned above, Then Check whether WLAN using unencrypted.
  8. If WLAN is unencrypted then perform common wifi network attacks, check the vulnerability which is placed in the unencrypted method and generate a report.
  9. Before generating a Report make sure no damage has been caused to the pentesting assets.

Wireless Pentesting with WEP Encrypted WLAN

  1. Check the SSID and analyze whether SSID is Visible or Hidden.
  2. Check for networks using WEP encryption.
  3. If you find the SSID as visible mode then try to sniff the traffic and check the packet capturing status.
  4. If the packet has been successfully captured and injected then it’s time to break the WEP  key by using a WiFi cracking tool such as Aircrack-ng, or WEPcrack.
  5. If packets are not reliably captured then sniff the traffic again and capture the Packet.
  6. If you find SSID is the Hidden mode, then do Deauthentication for the target client by using some deauthentication tools such as Commview and Airplay-ng.
  7. Once successfully Authenticated with the client and Discovered the SSID is, then again follow the Above Procedure which is already used for discovering SSID in earlier steps.
  8. Check if the Authentication method used is OPN (Open Authentication) or SKA (Shared Key Authentication). If SKA is used, then bypassing mechanism needs to be performed.
  9. Check if the STA (stations/clients) are connected to AP (Access Point) or not. This information is necessary to perform the attack accordingly.

If clients are connected to the AP, an Interactive packet replay or ARP replay attack needs to be performed to gather IV packets which can be then used to crack the WEP key.

If there’s no client connected to the AP, Fragmentation Attack or Korex Chop Chop attack needs to be performed to generate the keystream which will be further used to reply to ARP packets.

10. Once the WEP key is cracked, try to connect to the network using WPA-supplicant and check if the AP is allotting any IP address or not.”EAPOL handshake“.

Wireless Penetration Testing with WPA/WPA2 Encrypted WLAN

  1. Start and Deauthenticate with WPA/WPA2 Protected WLAN client by using WLAN tools Such as Hotspotter, Airsnarf, Karma, etc.
  2. If the Client is Deaauthenticated, then sniff the traffic and check the status of captured EAPOL Handshake.
  3. If the client is not Deauthenticate then do it again.
  4. Check whether the EAPOL handshake is captured or Not.
  5. Once you captured the EAPOL handshake, then perform a PSK Dictionary attack using coWPAtty, Aircrack-ng to gain confidential information.
  6. Add Time-memory trade-off method (Rainbow tables) also known as WPA-PSK Precomputation attack for cracking WPA/2 passphrase. Genpmk can be used to generate pre-computed hashes.
  7. If it’s Failed then Deauthenticate again and try to capture again and redo the above steps.

LEAP Encrypted WLAN

  1. Check and Confirm whether WLAN is protected by LEAP Encryption or not.
  2. De-authenticate the LEAP Protected Client using tools such as karma, hotspotter, etc.
  3. If the client is De authenticated then break the LEAP Encryption using a tool such as asleapto steal the confidential information
  4. If the process dropped then de-authenticate again

Wireless Penetration Testing with Unencrypted WLAN

  1. Check whether SSID is Visible or not
  2. Sniff for IP range if SSID is visible then check the status of MAC Filtering.
  3. If MAC filtering is enabled then spoof the MAC Address by using tools such as SMAC
  4. Try to connect to AP using IP within the discovered range.
  5. If SSID is hidden then discover the SSID using Aircrack-ng and follow the procedure of visible SSID which I Declared above.

Wireless Penetration Testing

Checkout our previous posts on InfoSec “Cheat Sheet”

InfoSec books | InfoSec tools | InfoSec services

Tags: cheat sheet


Jan 16 2023

Most Important Network Penetration Testing Checklist

Category: Cheat Sheet,Network security,Pen TestDISC @ 11:05 am

Network Penetration Testing determines vulnerabilities in the network posture by discovering Open ports, Troubleshooting live systems, services and grabbing system banners.

The pen-testing helps administrator to close unused ports, additional services, Hide or Customize banners, Troubleshooting services and to calibrate firewall rules.You should test in all ways to guarantee there is no security loophole.

Let’s see how we conduct a step by step Network penetration testing by using some famous network scanners.

Network Penetration Testing

1.HOST DISCOVERY

Footprinting is the first and important phase were one gather information about their target system.

DNS footprinting helps to enumerate DNS records like (A, MX, NS, SRV, PTR, SOA, CNAME) resolving to the target domain.

  • A – A record is used to point the domain name such as gbhackers.com to the IP address of it’s hosting server.
  •  MX – Records responsible for Email exchange.
  • NS – NS records are to identify DNS servers responsible for the domain.
  • SRV – Records to distinguish the service hosted on specific servers.
  • PTR – Reverse DNS lookup, with the help of IP you can get domain’s associated with it.
  • SOA – Start of record, it is nothing but the information in the DNS system about DNS Zone and other DNS records.
  • CNAME – Cname record maps a domain name to another domain name.

We can detect live hosts, accessible hosts in the target network by using network scanning tools such as Advanced IP scanner, NMAP, HPING3, NESSUS.

Ping&Ping Sweep:

root@kali:~# nmap -sn 192.168.169.128root@kali:~# nmap -sn 192.168.169.128-20 To ScanRange of IProot@kali:~# nmap -sn 192.168.169.* Wildcardroot@kali:~# nmap -sn 192.168.169.128/24 Entire Subnet

Whois Information 

To obtain Whois information and name server of a webisteroot@kali:~# whois testdomain.com

  1. http://whois.domaintools.com/
  2. https://whois.icann.org/en

Traceroute

Network Diagonastic tool that displays route path and transit delay in packetsroot@kali:~# traceroute google.com

Online Tools

  1. http://www.monitis.com/traceroute/
  2. http://ping.eu/traceroute/

2.PORT SCANNING

Perform port scanning using tools such as Nmap, Hping3, Netscan tools, Network monitor. These tools help us to probe a server or host on the target network for open ports.

Open ports are the gateway for attackers to enter in and to install malicious backdoor applications.root@kali:~# nmap –open gbhackers.com             To find all open portsroot@kali:~# nmap -p 80 192.168.169.128           Specific Portroot@kali:~# nmap -p 80-200 192.168.169.128   Range of portsroot@kali:~# nmap -p “*” 192.168.169.128          To scan all ports

Online Tools

  1. http://www.yougetsignal.com/
  2. https://pentest-tools.com/information-gathering/find-subdomains-of-domain

3.Banner Grabbing/OS Fingerprinting

Perform banner Grabbing/OS fingerprinting such as Telnet, IDServe, NMAP determines the operating system of the target host and the operating system.

Once you know the version and operating system of the target, we need to find the vulnerabilities and exploit.Try to gain control over the system.root@kali:~# nmap -A 192.168.169.128root@kali:~# nmap -v -A 192.168.169.128 with high verbosity level

IDserve another good tool for Banner Grabbing.

Networkpentesting Flowchart

Online Tools

  1. https://www.netcraft.com/
  2. https://w3dt.net/tools/httprecon
  3. https://www.shodan.io/

4.Scan for Vulnerabilities

Scan the network using Vulnerabilities using GIFLanguard, Nessus, Ratina CS, SAINT.

These tools help us in finding vulnerabilities with the target system and operating systems.With this steps, you can find loopholes in the target network system.

GFILanguard

It acts as a security consultant and offers patch Management, Vulnerability assessment, and network auditing services.

Nessus

Nessus a vulnerability scanner tool that searches bug in the software and finds a specific way to violate the security of a software product.

  • Data gathering.
  • Host identification.
  • Port scan.
  • Plug-in selection.
  • Reporting of data.

5.Draw Network Diagrams

Draw a network diagram about the organization that helps you to understand logical connection path to the target host in the network.

The network diagram can be drawn by LANmanager, LANstate, Friendly pinger, Network view.

6.Prepare Proxies

Proxies act as an intermediary between two networking devices. A proxy can protect the local network from outside access.

With proxy servers, we can anonymize web browsing and filter unwanted contents such as ads and many other.

Proxies such as Proxifier, SSL Proxy, Proxy Finder..etc, to hide yourself from being caught.

6.Document all Findings

The last and the very important step is to document all the Findings from Penetration testing.

This document will help you in finding potential vulnerabilities in your network. Once you determine the Vulnerabilities you can plan counteractions accordingly.

You can download rules and scope Worksheet here – Rules and Scope sheet 

Thus, penetration testing helps in assessing your network before it gets into real trouble that may cause severe loss in terms of value and finance.

Important Tools used for Network Pentesting

Frameworks

Kali Linux, Backtrack5 R3, Security Onion

Reconnaisance

Smartwhois, MxToolbox, CentralOps, dnsstuff, nslookup, DIG, netcraft

Discovery

Angry IP scanner, Colasoft ping tool, nmap, Maltego, NetResident,LanSurveyor, OpManager

Port Scanning

Nmap, Megaping, Hping3, Netscan tools pro, Advanced port scannerService Fingerprinting Xprobe, nmap, zenmap

Enumeration

Superscan, Netbios enumerator, Snmpcheck, onesixtyone, Jxplorer, Hyena,DumpSec, WinFingerprint, Ps Tools, NsAuditor, Enum4Linux, nslookup, Netscan

Scanning

Nessus, GFI Languard, Retina,SAINT, Nexpose

Password Cracking

Ncrack, Cain & Abel, LC5, Ophcrack, pwdump7, fgdump, John The Ripper,Rainbow Crack

Sniffing

Wireshark, Ettercap, Capsa Network Analyzer

MiTM Attacks

Cain & Abel, Ettercap

Exploitation

 Metasploit, Core ImpactThese are the Most important checklist you should concentrate with Network penetration Testing .

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.

Checkout our previous posts on Pen Testing…

Contact DISC InfoSec

InfoSec books | InfoSec tools | InfoSec services

Tags: Penetration Testing Checklist


Jan 09 2023

Top 10 Best Penetration Testing Companies & Services – 2023

Category: Pen TestDISC @ 12:08 pm

enetration Testing Companies are pillars when it comes to information security, nothing is more important than ensuring your systems and data are safe from unauthorized access, Many organizations have a flawed security culture, with employees motivated to protect their own information rather than the organization.

This sets up an opportunity for attackers seeking ways into a company to exploit it and get access to critical data and secrets.

In this article, we will see the 10 best penetration testing companies and understand what penetration testing is. We will also discuss its importance, different types of tests, and how they are conducted. 

What Is Penetration Testing?

The term “penetration testing” refers to the process of checking an application’s or network’s security by exploiting any known vulnerabilities.

These security flaws might be found in a variety of places, such as system configuration settings, authentication methods, and even end-user risky behaviors.

Apart from assessing security, pentesting is also used to assess the effectiveness of defensive systems and security tactics.

The cyber security condition is shifting at a breakneck speed. New vulnerabilities are discovered and exploited all of the time, some of them are publicly recognized, and others are not.

Being aware is the greatest defence you can have. A penetration test uncovers security flaws in your system that might lead to data theft and denial of service.

Top 10 Best Penetration Testing Companies – 2023

Best Penetration Testing Companies: Key Features and Services

Top Pentesting CompaniesKey FeaturesServices
Astra SecurityAutomated Vulnerability Scans, Continuous Scanning, CI/CD Integration, Zero false positives, Pentest Report, Customer Support, and Theories on How to Report to Regulators.Penetration Testing, Vulnerability Assessment, Security Audits, IT Risk Assessments, Security Consulting Website Protection, Compliance Reporting.
DetectifySimple and intuitive interface, Prioritized remediation advice can your web applications and APIs in the cloudPenetration Testing, Scanning for Vulnerabilities
IntruderProvides results from automated analysis and prioritization, Examination of configurations for flaws missing patches application weaknessesManagement of Vulnerabilities, Penetration Testing, Perimeter server scanning, Cloud Security, Network Security
InvictiBuilt-in reporting tools automatically find SQL Injection, Scan 1,000 web applications in just 24 hoursPenetration Testing, Website SecurityScanning, Web VulnerabilityScanning
Rapid7Easy-to-use interface-click phishing campaignsPenetration Testing, Vulnerability Management
AcunetixAccess Controls/Permissions, Activity Dashboard, Activity MonitoringImmediate actionable results best web security services seamless integration with customer’s current system
CobaltProof-Based Scanning, Full HTML5 Support, Web Services Scanning, Built-in Tools, SDLC IntegrationIntegration with JIRA and Github, OWASP Top 10PCIHIPAA, and other compliance report templates customer Reports API for building personalized security reports test vulnerabilities functionality
SecureWorksmore than 4,400 customers in 61 countries across the world perform more or less 250 billion cyber eventsPen Testing Services, Application Security Testing, Advance Threat/Malware detection, and preventing Retention and Compliance Reporting
SciencesoftCertified ethical hackers on the team33 years of overall experience in ITIBM Business Partner in Security Operations & Response, Recognized with 8 Gold Microsoft CompetenciesVulnerability Assessment, Penetration Testing, Compliance Testing, Security Code Review, Infrastructure Security Audit
CyberhunterBest for Penetration Testing, Network Threat Assessments, Security Audits, Cyber Threat Hunting, Network reconnaissance, vulnerability mapping, exploitation attempts, cyber threat analysisPenetration Testing, Network Threat Assessments, Network Security Audits, Cyber Threat Hunting, Network Log Monitoring

Table covering 10 Penetration Testing Companies & Key Features

Infosec books | InfoSec tools | InfoSec services

Tags: Penetration Testing


Jan 03 2023

Kali Linux: What’s next for the popular pentesting distro?

Category: Linux Security,Pen TestDISC @ 2:18 pm

If you’re interested in penetration testing and digital forensics, you know that Kali Linux is worth a try. And if you’re already doing it, chances are good you are already using it.

We talked to Jim O’Gorman, Chief Content and Strategy Officer at Offensive Security (OffSec), about the direction in which the development of the open-source distro is headed.

[The answers have been edited for clarity.]

Kali Linux keeps growing and improving. How much does user feedback influence where you want to go next? What do users want the most?

Two questions drive Kali’s development:

1. What needs to be done to ensure that Kali Linux is the best possible platform for professional and hobbyist information security work?
2. What needs to be done to ensure that Kali is the best possible platform for information security training?

There is a lot of overlap between those two questions, but realistically they are separate and distinct items. However, by getting them both right on a single platform, we create an environment where people can train, study, and learn, but also use the same platform for real-world efforts. In essence, it means that you train like you fight.

The answer to the first question is driven by input from the Kali and OffSec teams. As infosec professionals ourselves, what are the things we run into on a day-to-day basis and how do we make our life easier by ensuring the toolset is of the highest quality possible? We also work closely with OffSec’s pentesting team.

We also listen to input from other Kali users. Kali is a totally open-source project and anyone and everyone can pitch in and contribute. And they do! If you wish a tool to be included in Kali, package it and submit it! If you wish a configuration worked a certain way out of the box, modify the package and submit the change. It’s very direct and easy to do, and it is in our documentation. Anyone – regardless of their background – can play a part.

The second way users influence development is through bug reports, feature requests, and conversations on OffSec’s Discord and other social media. The Kali team is out there as part of the infosec community – talk to us and let us know what you are seeing. Also, when possible, we will set up private conversations with large organizations that use Kali to get a feel for their unique needs.

The answer the second question – How to make Kali the best possible platform for training? – we work very closely with the OffSec content development team to find out what tools they are using for training, what sort of default environment works best for learners, and what we can do in Kali to support general education efforts.

Surprisingly, even though Kali is built for advanced information security work, it is often the first Linux many users ever use. So we are careful with the design of Kali to ensure that it is approachable. We want to ensure that you don’t have to be a Linux professional to utilize Kali successfully in OffSec courses.

What’s your vision for Kali Linux in the next 12 months? What areas need polishing?

The changing of attack techniques over time does not impact Kali as much as you might think, as techniques are more often than not implemented in tools and scripts. While the tools and scripts change, Kali Linux as a platform to launch them does not have to change much. The closest item to this is expanding Kali to run everywhere. Our goal is to put the Kali toolset as close as possible to you no matter where you are.

Kali installed on bare metal, Kali in a VM, Kali in containers (Docker & LXC), Kali on WSL, Kali on various ARM devices such as Raspberry Pi, Kali in a cloud instance such as AWS and Azure, Kali on your Android phone or tablet – we even have Kali running on a watch! No matter where you are or what your needs are, we want Kali to be easy to access and run.

Kali is primarily gered towards pentesting and red teaming, but we are looking at expanding into other areas of information security as well.

Kali Linux comes with a myriad of tools. What’s the process for including or removing a piece of software? What tools are used the most?

What tools run in Kali is really a matter of input from the team, community, and OffSec. Our goal is to have the most frequently used and important tools installed and working out of the box. Other common tools are installed quickly and easily with a single command.

We add new tools based on the answers to a number of questions: What functionality does the tool provide and is it unique or different enough from functionalities of other tools? Is the tool going to be maintained and updated over a reasonable period of time? How functional is the tool? It is a wrapper for another tool? Does the developer have a positive reputation?

If a tool stops being updated and stops working, we’ll try to work with the author. If they are unresponsive and the effort of maintaining the tool becomes too complex, we document this and then often remove it.

We get a lot of input from the OffSec pentesting team on what tools they are using in the field today, as well as the OffSec content developers on what tools are being used as part of the courseware. The idea is to have all the tools used in OffSec coursework out of the box to keep things easy for students.

Do major software development trends influence your approach to enhancing Kali Linux? How do you prioritize features?

When prioritizing features, we look at what is needed at the current time. We release Kali in quarterly updates so that dictates our development cycle. Each cycle we look at what is happening in the industry, where the gaps are, and determine what to prioritize.

On this front, there is a lot to balance. Everything from the distribution of Kali, installation, user experience, tools, stability, so on and so forth. It’s a full operating system and a small team so we have to pick and choose what goes into it, we can’t do everything each cycle. Again, input from the community and OffSec sets the priorities.

There’s been a lot of buzz around AI lately. Do you expect AI to play a role in future Kali Linux versions?

As Kali is a base OS, not right now. For tools that run in Kali, perhaps in time. As soon as the tools are there we will add them into Kali if they are any good. But there are also always fad trends so we tend not to get over-excited about them until they start to actually deliver results.

We have seen demonstrations of tools being developed with some of the PoC which have been creating some buzz, but as they are not ready to be released we are a ways off from this yet.

Kali Linux 2022.4 released | OpenSourceFeed


5 Kali Linux tools you should learn how to use

5 Kali Linux books you should read this year

New Book: Advanced Security Testing with Kali Linux!

Infosec books | InfoSec tools | InfoSec services

Tags: Kali Linux


Dec 23 2022

WEB APPLICATION PENTESTING CHECKLIST

Category: App Security,Pen Test,Web SecurityDISC @ 11:37 am
This image has an empty alt attribute; its file name is image-20.png

Web Pentesting Checklist Cyber Security News

PenTesting Titles

Penetration Testing: Protecting Networks and Systems

Pentesting Training

Penetration Testing – Exploitation

Penetration Testing – Post Exploitation

Infosec books | InfoSec tools | InfoSec services

Tags: WEB APPLICATION PENTESTING CHECKLIST


Dec 21 2022

How to become a penetration tester

Category: Pen TestDISC @ 9:29 pm

John Jackson has been working in cybersecurity for less than five years, but already has several significant wins under his belt.

After five years as an engineer in the Marine Corps he founded white-hat hacker collective Sakura Samurai, which last year discovered git directories and credential files within United Nations infrastructure that exposed more than 100,000 private employee records.

On a roll, the group soon after publicly disclosed vulnerabilities within the Indian government that allowed them to access personal records, police reports, and other hugely sensitive data, along with session hijacking and arbitrary code execution flaws on finance-related governmental systems.

Jackson’s other notable successes have included the discovery of a vulnerability in the Talkspace mental health app and two serious bugs in Chinese-made TCL brand televisions.

In a follow-up to the first part of our two-part feature on becoming a pen tester, we asked Jackson, now senior offensive security consultant at Trustwave, about his achievements, his love for pen testing, and the skills that would-be penetration testers need to succeed.

Daily Swig: How did you get into pen testing?

John Jackson: My story’s a little non-traditional. I didn’t grow up as a computer nerd. I was actually going to college for philosophy at CU Denver when I got a phone call from a recruiter and he asked me, hey, do you want to be a hacker?

I went through a boot camp and by the time I got to certified ethical hacker level I was actually helping class members learn, because I had done so much self-study on my own as I was just so excited.

I got recruited by TEKsystems as a contractor to go and work for Staples, initially as a cybersecurity engineer, and after the first six months there, they switched me to endpoint detection response. I went from application security engineer to senior applications security engineer for Shutterstock and after that, I went to Trustwave.

I was still hacking on my own time doing ethical hacking, and I established a group at the time called Sakura Samurai.

DON’T MISS How to become a pen tester: Part 1 – your path into offensive security testing

DS: What’s the best way to get into penetration testing?

JJ: There’s not a linear path. When I was getting into it, they [the industry] didn’t have as many certifications as they do now, and they also didn’t have as many materials, but nowadays they have things like Hack the Box, which can be a good way in.

I think there is no definitive skill that makes you a good hacker – it’s not so much a skill but a mindset. It’s endless curiosity.

If you’re not the type of person that likes spending a lot of your free time learning then it’s not the best field for you, because you’re always going to have to improve, and it’s very difficult to improve if you’re not continually learning, and a lot of the time that’s on your own time.

DS: What are your favourite things about your job?

JJ: One of my favourite things is the ability to hack so many different things. I’ve done ATM hacking, I’ve done phishing and social engineering, and then I moved into red teaming where the scope is a lot larger, and you have a lot more control over how you hack the organizations because you emulate advanced persistent threat actors.

Pen testing is amazing because I’m always learning – it really keeps me going and keeps my brain fresh. I don’t get bored because every day is new.

DS: And the worst?

JJ: A lot of non-technical people are sometimes involved in setting up and arranging pen tests and red teams, and sometimes they under-scope the assessments and take a very check-in-the-box approach to pen testing.

I think that that’s bad for everyone involved – it’s bad for the pen testers because you’re limited to such a narrow scope of what you can and can’t do, and it’s bad for security because in reality it’s just not realistic. A criminal hacker is not going to stop and say “you know what, this domain’s out of scope, this technology’s out of scope, I’m not going to mess with that”.

Pen testers are highly technical and sometimes you’re dealing with people that are more salesy or C-level, and you have to explain why it matters – and that can be tough.

MUST READ A rough guide to launching a career in cybersecurity

DS: What’s the most enjoyable project you’ve ever worked on?

JJ: I think my favourite project was a bank that wanted a red team with a scope of pretty much everything. That was a lot of fun, because I got to use the expertise I had to think outside of the box and use some of their own platforms to abuse their company.

They were blown away because they didn’t expect to see this or that service get abused, so I felt kind of proud doing that. [It felt like] finally someone appreciates that outside of the box thinking.

DS: And the most serious?

JJ: With the UN, with my group Sakura Samurai, we found GitHub credentials. We used the GitHub credentials to download the organization’s internal GitHub code and then, going through the code, we found over 100,000 lines of employee information. It was insane. That was definitely pretty scary.

The Indian government hack was crazy too – that was on another level. We found a lot of vulnerabilities – credentials, remote code execution, you name it. We were just going in and gave them a very extensive report, and actually coordinated it with DC3 [Department of Defense Cyber Crime Center] to help us disclose, because we were so worried about how much we found.

DS: What are your thoughts about bug bounties?

JJ: I’ve got a lot of complaints [about] bug bounty [programs], the biggest one being that you have to sign non-disclosure agreements when you submit these bugs, and sometimes that’s a moral conflict because you’ll discover things that are really bad. I was a blue teamer for half of my career, so when I find these certain types of bugs in bug bounty programs it’s unnerving because I know they’re not going to handle this how they need to handle this, they’re going to try and sweep this under the rug.

I moved towards vulnerability disclosure programs because you give them time to fix it and then you can disclose the bug that you found. I think that all hackers should try some vulnerability disclosure because it really just gives you a chance to get your hands on hacking a lot of things at once and then go through the process.

Read more of the latest news from the pen testing industry

DS: What are you working on now?

JJ: Right now, I’m working on another red team engagement. We’re on the internal phase, so the phase of just being inside the organization and looking for security vulnerabilities to see what we can and can’t do, how far we can go.

It’s always exciting. I love doing it, as this just really combines a lot of elements of hacking – network hacking, web hacking, and then the social aspects like what type of technologies do people use, and how can you abuse that internally?

A good example that I can say on record because it’s very obvious is Office 365, using Microsoft products to get more passwords or access to the organization, so that’s what I’m dealing with right now.

DS: What careers could pen testing lead on to?

JJ: I definitely have moved towards red teaming more, which is just a different form of pen testing. But I’d say for me red teaming and pen testing is the end of the line.

You could spend your entire life as a pen tester, absolutely, but I think a lot of people in the different client environments have shifted into a model of wanting pen testers to do more threat emulation – specific goals like ‘steal our credit card data, steal our employee accounts’.

The reality is it’s just endless, and there’s always something bigger you can aspire to. So if you’re a pen tester maybe [the next step is] senior pen tester, if you’re a senior pen tester maybe it’s to go to offensive security consultant, moving into red teaming. I think shifting into red teaming is the end goal for a lot of people.

https://portswigger.net/daily-swig/how-to-become-a-penetration-tester-part-2-mr-hacking-john-jackson-on-the-virtue-of-endless-curiosity

Penetration Testing : Step-By-Step Guide

Infosec books | InfoSec tools | InfoSec services

Tags: Pen tester


Sep 18 2022

scanless – A Pentesting Tool to Perform Anonymous open Port Scan on Target Websites

Category: Pen Test,Security ToolsDISC @ 1:54 pm

Network Penetration Testing determines vulnerabilities on the network posture by discovering Open ports, Troubleshooting live systems, services, port scans and grabbing system banners.

Port Scanner is an application used to perform an open port scan with server or hosts. Open ports are the gateway for attackers to enter in and to install malicious backdoor applications.

It is Command-line utility for exploitation websites which will perform Open port scan on your behalf. This tool helps early stages of a penetration testing to run an open port scanner on a bunch and have it not come back from your IP address.

Port Scanners Supported

  • yougetsignal
  • viewdns
  • hackertarget
  • ipfingerprints
  • pingeu
  • spiderip
  • portcheckers
  • t1shopper

Open Port Scanner

It is simple and easy to use the tool, can get results in minutes and also it to stay Anonymous. you can download the tool from github.

To install scanless and help

sudo pip install scanless
scanless –help

port scans

To list all the supported scanners

scanless -l

port scans

To Run Scan 

scanless -s yougetsignal -t domain.com

port scans

scanless -s pingeu -t domain.com

port scans

Author : Austin Jackson

port scans

Tags: ports attacks, ports scan


Sep 07 2022

PenTesting at the speed of Your SDLC

Category: Information Security,Pen TestDISC @ 2:49 pm
Cobalt’s has announced a new offering, Agile Pentesting! With Agile Pentesting, conduct a pentest that has a targeted scope focused on a specific area of an asset, or a specific vulnerability across an asset. Agile Penesting is flexible in nature, and aligns pentesting to DevSecOps workflows in a way that’s friction-free.

Leverage Agile Pentesting to level up your security program for:

* New Release Testing: pentest a new release before or shortly after it reaches production

* Delta Testing: pentest for incremental improvements based on code differences since date or version

* Single OWASP Category Testing: pentest a single vulnerability or small subset of vulnerabilities across an asset to validate fixes 

* Microservice Testing: pentest Kubernetes within AWS, Azure, or GCP, as well as hosted network devicesReady to ship code securely with Cobalt’s Agile Pentesting?

Ready to ship code securely with Cobalt’s Agile Pentesting?

Learn More

Enter to Win a Free Cobalt Agile Pentest!Sometimes the best things in life actually are free! Click here to enter your information to be one of the three lucky winners to receive a free Agile Pentest from Cobalt, worth $6,600 in value! The drawing will take place on September 22nd.
Enter to Win

Tags: Agile Pentesting


Apr 29 2022

3 Ways to Boost Pentesting ROI

Category: Pen TestDISC @ 7:23 am

If you’re a car owner, it can be tempting to put off an oil change, tire rotation or other recommended vehicle tune-up. But reality becomes all too clear when you’re sitting on the side of the highway waiting for AAA. And it’s even more painful when you’re hit with a massive repair bill a few days later that far exceeds any short-lived savings. 

Like many frustrated drivers, businesses are currently learning this lesson the hard way with cybersecurity. Last year, data breaches at organizations increased by 68% to reach their highest volume ever, according to Identity Theft Resource Center’s 2021 Data Breach Report

Even as data breaches become more prevalent and costly, many organizations continue to hold off on vital cybersecurity measures, as well as neglect routine pentesting and provisioning maintenance. This short-sighted approach costs organizations more in the long run. 

In order to prevent hacks and breaches, businesses must act quickly and treat cybersecurity as a long-term investment; learning how to drive the most value from security testing instead of waiting for a cyberattack to occur.  

Pentesting: A Proactive Approach to Cybersecurity

One of the most effective ways to increase your cybersecurity readiness is penetration testing (pentesting, for short)—a simulated cyberattack designed to discover vulnerabilities in an organization’s IT systems. 

Pentesting involves stepping into hackers’ shoes to identify weak spots. By role-playing how a hacker might breach your security configurations, this process helps identify potential vulnerabilities and threats, test security responses and capabilities and measure ongoing improvements to your cybersecurity system. 

Your pentesters can come from either your internal security experts or from a third-party team. They dig into your security systems one by one, starting with a set of objectives to carry out an attack. Most teams combine black-box and white-box testing: For black, the pentester acts as a true external hacker with little or no knowledge of the IT landscape; for white, the pentester acts as an internal developer with complete knowledge of the landscape. 

Here’s what the process typically looks like:

  • Pentesters begin with low-privilege identity credentials from someone in a network, but they also look for vulnerabilities from any unauthenticated perspectives. After gaining remote access, pentesters explore your system and search for exploitable security gaps.
  • Based on what they find, pentesters develop and carry out a cyberattack. The aim is to gain escalating privileges and a greater ability to modify your systems, which packs a bigger punch than stealing data alone.
  • Once an attack commences, pentesters report their findings, rank vulnerabilities in terms of severity and advise you on remedies. After changes are implemented, pentesters test again to ensure you’ve properly closed all gaps. 

How to Get the Most out of Pentesting

For most organizations, reservations about pentesting aren’t rooted in a lack of understanding about the strategy’s benefits; instead, it comes down to time and money. In fact, 74% of IT professionals and security leaders said they would test their systems more frequently if it wasn’t so cumbersome, while 71% said it was too expensive.

So, how can you ensure your investment pays off? 

Here are three ways to achieve greater ROI on pentesting that are worth your resources: 

  1. Don’t skimp on scope or substance. On average, a high-quality pentest costs between $30,000 and $60,000 depending on the size and complexity of your organization. Large enterprises, for example, may spend closer to $100,000.  While it’s tempting to choose the cheapest option available on the market, low-cost alternatives often sacrifice test quality and deliver results that are far too narrow to provide meaningful remedies. Pay for a test that looks at your cybersecurity system comprehensively and is capable of producing results that benefit your security team in the long term.
  2. Set clear objectives and test cases. Most CISOs have a laundry list of security concerns that keeps them up at night. Pentesting is a great way to put those scenarios to rest. You can assemble a detailed list of top security concerns for pentesters to target first, which ensures that testing is specific to your industry, your company and your security framework.
  3. Incorporate testing (and retesting) as part of your cybersecurity routine. Security systems—and threats that aim to compromise them—are constantly changing. Routine testing on an annual or semiannual basis ensures your cybersecurity remains up-to-date and provides a metric for constant improvement. In fact, 85% of cybersecurity pros reported conducting such tests at least once a year. Retesting verifies that issues you’ve identified in the past have been fixed. 

The consequences of a cyberattack are more devastating than ever: In 2021, the average cost of a data breach reached a record $4.24 million, according to IBM’s annual Cost of a Data Breach Report.

Yet the average cybersecurity budget only constitutes 15% of a business’s overall IT budget. It often takes a catastrophe to galvanize organizations to update and improve cybersecurity measures. But by that time, the damage is done—loss of business, broken trust with customers, damage to your reputation and even regulatory fines.

Rather than waiting for a security incident, incorporate routine pentesting to ensure your cybersecurity defenses are ready for a potential attack. For cars, every 5,000 miles is a good rule of thumb for an oil change or tire rotation. For cybersecurity teams, an annual pentest is a solid start to boost your organization’s cybersecurity maintenance and drive sustained improvements that are well worth the cost. 

The Pentester BluePrint: Starting a Career as an Ethical Hacker

👇 Please Follow our LI page…


DISC InfoSec

#InfoSecTools and #InfoSectraining

#InfoSecLatestTitles

#InfoSecServices


Jan 04 2022

NetCat for PenTester

Category: Pen TestDISC @ 4:03 pm

Penetration Testing: Step By Step Guide

Tags: Netcat, Penetration Testing


Dec 26 2021

Penetration Testing Tools for Blue Team

Category: Pen TestDISC @ 10:26 am

Ethical hacking and lock picking

Pen Testing Titles

Tags: Pen testing, Penetration test


Nov 24 2021

Reconnaissance for Bug Bounty Hunters & Pentesters

Category: Bug Bounty,Pen TestDISC @ 10:49 pm

New to the bug bounty and confused about where to start? Worry not! This reconnaissance for bug bounty hunters guides you to take the first step in bug bounty hunting.

Reconnaissance is the initial step in every penetration test, bug bounty, or ethical hacking. This step aims to gather the target’s information publicly available on the internet.

Publicly available data offers technical details about the network structure and systems. However, it also contains information about personnel and the firm that might be valuable later in the attack.

Two types of cyber reconnaissance are:

  • Passive Information Gathering
  • Active Information Gathering

Let’s utilize some suitable tools and gather the victim’s information passively first. The tools I will use to collect victim’s data will be:

  • Passive Recon Tools
    • Google Dork
    • Netcraft
    • WHOIS
    • Social Media
  • Active Recon Tools
    • Nmap
    • GoBuster
    • Dig

The above-mentioned tools are not the only tools; there are many tools available for data gathering which you can utilize.

Table of Contents

A bug bounty hunting journey: Overcome your limits and become a successful hunter

Tags: Bug Bounty Hunters & Pentesters


Oct 22 2021

FIN7 cybercrime gang creates fake cybersecurity firm to recruit pentesters for ransomware attacks

Category: Cyber crime,Cybercrime,Pen Test,RansomwareDISC @ 9:08 am

The FIN7 hacking group is attempting to enter in the ransomware business and is doing it with an interesting technique. The gang space creates fake cybersecurity companies that hire experts requesting them to carry out pen testing attacks under the guise of pentesting activities.

FIN7 is a Russian criminal group that has been active since mid-2015, it focuses on restaurants, gambling, and hospitality industries in the US to harvest financial information that was used in attacks or sold in cybercrime marketplaces.

One of the companies created by the cyber criminal organizations with this purpose is Combi Security, but researchers from Gemini Advisory discovered other similar organizations by analyzing the site of another fake cybersecurity company named Bastion Security.

The Bastion Secure website is hosted on the Russian domain registrar Beget, which is popular in the Russian cybercrime communities. Most of the submenus of the site return a Russian-language HTTP 404 error, a circumstance that suggests the site creators were Russian speakers. At the time of the report, some of the HTTP 404 errors remain unfixed.

The website is a clone of the website of Convergent Network Solutions Ltd, Bastion Secure’s ‘About’ page states that is a spinoff of the legitimate cybersecurity firm that anyway not linked to the criminal gang.

Pentest as a Service (PtaaS)

Tags: FIN7, pentester, ransomware attacks


Sep 17 2021

PenTest as a Service

Category: Information Security,Pen TestDISC @ 3:34 pm

Download Modern Pentesting for security and development team

Find out how Cobalt service protect your Apps: Cobalt’s Pentest as a Service (PtaaS) platform coupled with an exclusive community of testers delivers the real-time insights you need to remediate risk quickly and innovate securely.

Find out how Cobalt service protect your Apps: Cobalt’s Pentest as a Service (PtaaS) platform coupled with an exclusive community of testers delivers the real-time insights you need to remediate risk quickly and innovate securely.

Please email with the subject “Beginner’s Guide to Compliance-Driven Pentesting” if interested to read this guide: Info@deurainfosec.com

Tags: Pentest as a service, Pentesting as a service, PtaaS


Jul 28 2021

Getting cyber secure with penetration testing

Category: Pen TestDISC @ 10:00 am

To achieve real cybersecurity, business leaders must implement the right solutions to protect their assets from cyber threats. Checkout Cobalt PenTest as a Service to find out how to keep your organization secure from a cyber attack with effective penetration testing, and discover:

  • Why even the smallest business is a potential target
  • What penetration testing is, and how it works
  • The types of vulnerabilities that can exist for months without being detected
  • Why penetration tests are the best solution to uncovering vulnerabilities before criminals do
  • The difference types of penetration test


Next Page »