pentest |

Tag: pentest (page 1 of 2)

How to become a web pentester

I spent quite some time trying to figure out the answer to this question when I created my online training with the clever title “Web Hacking: Become a Web Pentester“. In this post I will try to summarize what I learnt when I looked at my own career and what we look at when we hire new people to my team.

Intro to ARP spoofing with bettercap

February 15th, 2016 / geri / 0 Comments

I recently discovered a fairly new man-in-the-middle tool called bettercap, which I will test in this video. I will explain the concept of ARP spoofing, install bettercap, and see how one can use it to sniff passwords on a network.
Continue reading

The free Burp Suite training is ready

February 15th, 2016 / geri / 4 Comments

I have been working on an online Burp Suite training for quite some time. It is finally ready.

Advanced sqlmap features – eval

July 21st, 2014 / geri / 0 Comments

I was always sad when I couldn’t use sqlmap when the injection was not very simple. Of course I always expected that to be my fault, that I didn’t spent enough time to configure sqlmap properly. So the other day when I tested an application and found an sql injection which was a pain in the neck to exploit manually, I rolled up my sleeves and started to look at source code of sqlmap to figure out some parameters which I never knew what they did. This blog post is about the --eval parameter which allows you to manipulate the requests before sending them.
Continue reading

CORS: Attack scenarios

November 1st, 2013 / geri / 2 Comments

I was preparing myself for the Hacktivity conference in Budapest, where I talked about the security of the Cross-Origin Resource Sharing (CORS). As part of the preparation I summarised my thoughts in a couple of blog posts. This is one of them.

As a follow up of my previous post, I would like to continue with the short analysis of the threats and attack scenarios which could exploit CORS.
Continue reading

Stack Adjustment by hand

June 23rd, 2013 / geri / 2 Comments

When you are developing an exploit and you have very limited space for your payload you might need to adjust the stack to be able to use staged exploits. The problem, in case of a multi-stage payload, is that when the first stage that you send in your exploit payload starts to download the second stage, the stack pointer (ESP) might point to a place which is not far enough from the first stage in the memory; hence, the second stage might corrupt the code that you are executing. Stack adjustment is a technique that tries to solve this problem by setting the ESP to create more space for the second stage.
Continue reading

Here it is, the file upload CSRF

April 7th, 2013 / geri / 0 Comments

Recently I wanted to do a Cross Site Request Forgery Proof-of-Concept for a file upload functionality. As you might know it is not necessarily as easy as simple form CSRFs. Continue reading

SoapUI with Burp

March 16th, 2013 / geri / 6 Comments

In a recent project I tested a web service and we got a nice SoupUI project for it. SoupUI is a great tool but you somehow miss the nice features of Burp, such as the Intruder. But of course the idea comes immediately: why not to chain them? It turns out this is not as trivial as it seems for the first sight.
Continue reading

Shellcode wrapper for Linux

February 17th, 2013 / geri / 0 Comments

This post is about how to create Linux binary executable shellcodes using msfpayload.

Installing Dradis on Backtrack

January 7th, 2013 / geri / 0 Comments

This post is more of a note for myself then an interesting technical stuff but it might be useful for somebody else as well.

You might already know the Dradis Framework if not check it out here. It is basically a note taking web application which focuses on penetration tests and other security assessments. It allows testing teams to quickly share the collected information about the tested environment with each other.
Continue reading

Æther Security Lab