Nmap is a network mapping tool used during the Information Gathering phase of a network penetration testing engagement. It is completely free and open source. Click on the following link for more information about the Nmap Project. In this step-by-step tutorial you will learn how to install Nmap from source on an Ubuntu Linux machine.
I recently landed on a client’s network with an implementation of Microsoft LAPS on a few thousand hosts. This blog post will walk through how to identify the users sysadmins delegated to view LAPS passwords, and how to identify the users sysadmins have no idea can view LAPS passwords.
In this step by step tutorial we will discuss some of the more advanced use cases for the Burp Suite. Credential harvesting through Man In The Middle attack vectors can be your saving grace during an otherwise uneventful penetration test. You can watch a video version of this tutorial Here. This guide is intended to be educational as well as entertaining. The author does not condone or encourage illegal hacking activities.
I’m sure many of you have heard of the new free service from letsencrypt.org which essentially offers a valid SSL Certificate for everyone. The goal of the project is to run the entire internet over HTTPS without any excuses.
I’ve been using the service since early this year when they launched the beta, and I have to tell you that it is legit and something you really should be incorporating into your e-mail phishing process. Since we are going to provide professional phishing services for our clients, doing it over HTTPS and with a valid SSL Certificate is a must whenever we harvest sensitive info.Read More
It’s been a little over a year since I started phishing full time with Phishing Frenzy and there is no looking back now. The project has really come a long way since I first started with it. I can’t thank the community enough for all the support and contributions along the way. Phishing today seems more enjoyable than ever before and I owe a lot of that gratification to Phishing Frenzy.
If you haven’t had a chance to checkout the project, I highly recommend you do and get involved. We are always seeking new templates to be added to our official gallery for the entire community to use, tweak and share.
In our last Burp Suite Tutorial we introduced some of the useful features that Burp Suite has to offer when performing a Web Application Penetration Test. In part 2 of this series we will continue to explore how to use Burp Suite including: Validating Scanner Results, Exporting Scanner Reports, Parsing XML Results, Saving a Burp Session and Burp Extensions. Lets get right to it!
If you’re not currently using Phishing Frenzy, BeEF, or PowerSploit for your Phishing campaigns you’re really missing out. In this article we are briefly going to cover what I consider to be one of the “new hotness” attack vectors that every pentester should be using in their next phishing assessment.
Burp Suite from Portswigger is one of my favorite tools to use when performing a Web Penetration Test. The following is a step-by-step Burp Suite Tutorial. I will demonstrate how to properly configure and utilize many of Burp Suite’s features. After reading this, you should be able to perform a thorough web penetration test. This will be the first in a two-part article series.
Follow Pentest Geek
Subscribe to Pentest Geek
- How To Install Metasploit Framework Ubuntu 14.04
- How to Install Nmap From Source
- Another Lap Around Microsoft LAPS
- Credential Harvesting via MiTM – Burp Suite Tutorial
- SSL Certificate from letsencrypt.org – Setup Guide
- Forensics and Incident Response
- Information Gathering
- Penetration Testing Tutorials
- Web Applications