Skip to main content

SSL/TLS History: Discovering S1

Secure socket layers (SSL) and its evolutionary descendant, Transport Level Security (TLS), are the most widely used protocols for ensuring confidentiality among service information exchanges. Despite this fact, their implementation is one of the most misunderstood, misconfigured, and prone-to-human-error options available. Codebreaker and government intelligence pioneer Elizabeth Friedman. Source: Jason Fagone’s book “The Woman Who […]

dnsmap: an Old-School Network 1

Installing Kali Linux or any other pentesting distro reveals the massive amount of tools in today’s infosec landscape that make the work of researchers, analysts and other security professionals easier, faster and more accurate. This certainly wasn’t the case 14 years ago, when dnsmap was released. Tools like dnsmap marked the beginning of the ever-growing […]

Recon-ng: An Open Source Recon1

This kind of tool really enhances your toolbox when realizing an attack surface analysis against a desired target. Additionally, it provides a development interface that enables you to create your own modules and expand the tools’ capabilities even further. Getting to know Recon-ng This OSINT tool has plenty of features that come “out of the […]

Top 10 Internet Search Engines1

Security professionals often need to quickly look up and correlate data during OSINT, reconnaissance, discovering vulnerabilities, finding security breaches in networks, and more. Fortunately, there are search engines in their arsenal of tools that are designed to be used by hackers and professionals. These can provide valuable data for their security operations. Search engines used […]

DMitry: Diving Into an Old-Sch1

Let’s answer these questions today, by running DMitry along with our own SurfaceBrowser™️ enterprise tool. We’ll find out what happens when information is extracted from different sources so they can complement each other. What is DMitry? While this small tool called DMitry is considered old code, it does have a few useful information gathering tricks […]

Attack Surface Analysis: APT “

This picture shows someone’s intentions in broad daylight, but it’s also easy to get information related to an office’s WiFi access points from a stealthier position, let’s say from inside a car in the parking lot, or from somewhere off the premises. While this may sound like a usual approach for conducting an attack against […]

Phishing Toolkit: Top 20 Best 1

While it’s a well-known concept, we’ve recently seen the growing sophistication of phishing campaigns, making detecting phishing domains harder, increase of spear phishing in APT attacks, and the increasing use of customized, targeted emails that ensure these campaigns are more successful than ever. Even if almost everyone nowadays is aware of possibly getting phished, by […]

Top 30+ Most Popular Red Team 1

The red team is considered the offensive side of the security. Red teams think like the attacker, they imitate real-world attacks and mimic adversary techniques and methods, uncover vulnerabilities in an organization’s infrastructure, launch exploits, and report on their findings. This is often a group of white hats — ethical hackers, offensive security professionals that […]

What is OWASP? Top 10 Web Appl1

In this highly-competitive market where new releases take place daily, businesses are putting much of their focus on speed. Reports show that in 2019, 38% of developers indicated that they released monthly or even faster. However, with speed getting the preferred treatment, security can be left behind. In the application release process, security often arrives […]