You are browsing archives for
Secure socket layers (SSL) and its evolutionary descendant, Transport Level Security (TLS), are the most widely used protocols for ensuring confidentiality among service information exchanges. Despite this fact, their implementation is one of the most misunderstood, misconfigured, and prone-to-human-error options available. Codebreaker and government intelligence pioneer Elizabeth Friedman. Source: Jason Fagone’s book “The Woman Who […]
Installing Kali Linux or any other pentesting distro reveals the massive amount of tools in today’s infosec landscape that make the work of researchers, analysts and other security professionals easier, faster and more accurate. This certainly wasn’t the case 14 years ago, when dnsmap was released. Tools like dnsmap marked the beginning of the ever-growing […]
This kind of tool really enhances your toolbox when realizing an attack surface analysis against a desired target. Additionally, it provides a development interface that enables you to create your own modules and expand the tools’ capabilities even further. Getting to know Recon-ng This OSINT tool has plenty of features that come “out of the […]
Security professionals often need to quickly look up and correlate data during OSINT, reconnaissance, discovering vulnerabilities, finding security breaches in networks, and more. Fortunately, there are search engines in their arsenal of tools that are designed to be used by hackers and professionals. These can provide valuable data for their security operations. Search engines used […]
Let’s answer these questions today, by running DMitry along with our own SurfaceBrowser™️ enterprise tool. We’ll find out what happens when information is extracted from different sources so they can complement each other. What is DMitry? While this small tool called DMitry is considered old code, it does have a few useful information gathering tricks […]
After exploring our red team tools and phishing tools collections, it’s time to spend some time in the blue shoes. We have searched, tested and aggregated a list of the best blue team tools that will aid in many different blue team operations. There are a few categories of tools we haven’t included in this […]
This picture shows someone’s intentions in broad daylight, but it’s also easy to get information related to an office’s WiFi access points from a stealthier position, let’s say from inside a car in the parking lot, or from somewhere off the premises. While this may sound like a usual approach for conducting an attack against […]
While it’s a well-known concept, we’ve recently seen the growing sophistication of phishing campaigns, making detecting phishing domains harder, increase of spear phishing in APT attacks, and the increasing use of customized, targeted emails that ensure these campaigns are more successful than ever. Even if almost everyone nowadays is aware of possibly getting phished, by […]
The red team is considered the offensive side of the security. Red teams think like the attacker, they imitate real-world attacks and mimic adversary techniques and methods, uncover vulnerabilities in an organization’s infrastructure, launch exploits, and report on their findings. This is often a group of white hats — ethical hackers, offensive security professionals that […]
In this highly-competitive market where new releases take place daily, businesses are putting much of their focus on speed. Reports show that in 2019, 38% of developers indicated that they released monthly or even faster. However, with speed getting the preferred treatment, security can be left behind. In the application release process, security often arrives […]
