Công nghệ Blockchain sẽ phát triển ra sao trong năm 2018?

Năm vừa qua thế giới đã chứng kiến sự tăng trưởng bất ngờ của các đồng tiền kỹ thuật số, đồng thời cũng thấy rõ sự bất ổn từ chúng. Góp phần rất lớn vào sự tăng trưởng mạnh mẽ của các đồng tiền kỹ thuật số song lại có tính ổn định hơn rất […]

Android Application Penetration Testing: Setting up, Certificate Installation and GoatDroid Installation

To begin with mobile application penetration testing on the Android platform, we have multiple tools available that can be easily downloaded and installed to prepare the environment testing.These tools will help us to set up a virtual device serving as a smart phone using Android and the mobile application that is installed will undergo security […]

Android Application Security Testing Guide: Part 2

In our last part of this series (Android Application Security Testing Guide: Part 1), we discussed static analysis of Android APK files on the security background, and we tried to find any sensitive information which we can collect. In this part, we will head to our second phase, i.e. Dynamic Testing. But before going further, don’t […]

Android Application Security Testing Guide: Part 1

Android is a Linux kernel mobile platform that has been popular throughout its existence on a huge variety of devices, especially mobile smartphones. Most organizations, ranging from banking to telecom companies, have also come up with their apps for Android. Just like generic web applications, these mobile applications need a pen-test exercise as a part […]

CEH_v9_Advanced Man In The Middle Framework: Xerosploit

Advanced Man In The Middle Framework      Xerosploit is a penetration testing toolkit whose goal is to perform man in the middle attacks for testing purposes. It brings various modules that allow to realise efficient attacks, and also allows to carry out denial of service attacks and port scanning. Powered by bettercap and nmap. […]

CEH_v9_Man-In-The-Middle Attack Framework: MITMf

MITMf is a Framework for Man-In-The-Middle attacks. MITMf aims to provide a one-stop-shop for Man-In-The-Middle and network attacks while updating and improving existing attacks and techniques. Originally built to address the significant shortcomings of other tools (e.g Ettercap, Mallory), it’s been almost completely re-written from scratch to provide a modular and easily extendible framework that […]

CEH_v9_Bettercap : MITM attack for sniffing traffic and passwords

Contents Installation Sniffing Traffic Getting password We will be installing Bettercap, doing a quick sniffing exercise, and then a more detailed section on grabbing the password. Will demonstrate the password grabbing on outlook.com, which seems to be particularly vulnerable to this attack. Installing bettercap Installation is simple- apt-get update apt-get dist-upgrade apt-get install bettercap The […]

Learning Pentesting with Metasploitable3 / Part 1

Introduction: Metasploitable is back with version 3, which includes lot more interesting vulnerabilities. Metasploitable3 is special because it is not a pre-configured downloadable VM. The user himself can configure it, and the user can also decide target version of Windows. By its name, Metasploitable is a designed to practice attacks with Metasploit Framework. Nevertheless, it […]

Analyzing Stuxnet Với Volatility

Download stuxnet vmem https://drive.google.com/open?id=0B23yo4Wg98gBUE1zSDhoVjVNOEU Determine Volatility Image Determine Which Profile to Use Instructions cd /pentest/forensics/volatility-2.2 chmod 700 vol.py Make vol.py executable. ./vol.py imageinfo -f images/stuxnet/stuxnet.vmem Note(FYI): For this image Volatility tells us to use the WinXPSP3x86 profile. Section 1. Analyze Stuxnet Process Tree Basic Stuxnet Description Note(FYI): A normal Windows XP installation has just one instance […]

Exploiting CVE-2015-8562 (A New Joomla! RCE)

Introduction: A critical remote code execution(RCE) vulnerability was discovered in Joomla! websites. This is making a lot of noise because of the following reasons. It appears that attackers started exploiting this even before the disclosure(0-day). It is very easy to exploit this vulnerability. Almost all the versions of Joomla are vulnerable under with certain conditions. […]