-
ambient replied to the topic Worth 1 Yr subscription to Hakin9 ? in the forum Other 8 years, 3 months ago
Hakin9 is a hacking magazine. It is for you to update your knowledge, brush up your old experience and get more ideas and techniques from the industry.
If you would like to learn from the beginning, find good textbooks or good courses. After you are familiar with the topics, you could go further by subscribing Hakin9.
-
ambient replied to the topic SOAP Web Services Vulnerability Scanner/Methodology in the forum Web Applications 8 years, 3 months ago
Hello H1t M0nk3y,
from my experience, I used SoapUI to test web services. With the flexibility of input options the web service could use, I have never used an automated tool to test it. I think the result won’t be good enough. -
ambient replied to the topic CSRF with XSS payload encoding help in the forum Web Applications 8 years, 4 months ago
You could implement it by CSRF redirector technique.
I have posted here but the source code is unavailable.PHP CSRF Redirector
<?php
/* Call
* http://hackerhost.net/csrf_redirect.php?csrf=http://vulnerable.net?username=john|passwd=12345
*/
$csrf = $_GET;
$tokens = pr…[Read more] -
ambient replied to the topic Mapping the Application in the forum Web Applications 8 years, 4 months ago
……have you had issues doing authenticated scans with w3af?
What does it mean? If you meant the problem, my w3af often crashed during the scan.
-
ambient replied to the topic Mapping the Application in the forum Web Applications 8 years, 4 months ago
For me, I am working with
1. BurpSuite for web application crawling and mapping.
2. DirBuster for directory or file name enumeration.
3. HTTrack for saving some web contents in order to extract interesting metadata.
4. nikto for checking web server configuration
5. w3af for quick web application scanningThese activities pave a way to the next step.
-
ambient replied to the topic Certifications you need to have in order to be a Pen Tester. in the forum General Certification 8 years, 4 months ago
@MaXe wrote:
In the Asian region of the world, you will often need to be CEH certified. In the UK (England), you will need to be CREST and/or CHECK certified (sometimes both), and in Australia, you will need CREST in the near future if the current situation here evolves.
In the Asian region, the qualification which is often referred to is C|EH,…[Read more]
-
ambient replied to the topic problem on installing metasploit in the forum Network Pen Testing 8 years, 10 months ago
I agree with you. However, I did some search, I saw some tutorials that show metasploit on iOS. lavender, did you see one of those?
As an aside note, BillV, that’s cool. ;D
-
ambient replied to the topic problem on installing metasploit in the forum Network Pen Testing 8 years, 10 months ago
Well, I am not certain whether this can help you.
Basically, SET contains configuration file in set_config. You could point the reference to metasploit path in this file. -
ambient replied to the topic XSS protection in PHP in the forum Web Applications 8 years, 10 months ago
A good brief tutorial on XSS protection in PHP.
http://shiflett.org/articles/cross-site-scripting -
ambient replied to the topic OWASP CSRFGuard in the forum Web Applications 8 years, 10 months ago
l think implementing an anti-CSRF mechanism in our application is not difficult. You can turn on/off your mechanism at arbitrary points. Moreover, with java platform, if you use some frameworks like struts, you can use its built-in anti CSRF mechanism.
For CSRF guard, I have never used ???
-
ambient replied to the topic Passed eLearnseurity course in the forum General Certification 8 years, 10 months ago
Hi Jamie, congratulations!!
Network certification is good for pentesting career. -
ambient replied to the topic New to infosec – Python in the forum Programming 8 years, 11 months ago
@cd1zz wrote:
I would start with Counter Hack Reloaded, it will open your eyes.
I agree with cd1zz. Counter Hack Reloaded is great. If I could go back to the time I started in infosec, I would choose this one. Ed Skoudis is a great instructor.
-
ambient replied to the topic Backtrack 5 R2 in the forum Tools 8 years, 11 months ago
1. Does SET-Social Engineering Toolkits work well on BT5r2? I have problem with its handler listening my meterpreter payload.
2. I noticed that in /pentest/exploits/, there was no framework3 directory.Above all, I have installed BT5r2. ;D
-
ambient replied to the topic External Pen Testing Companies? in the forum Other 8 years, 12 months ago
In UK,
Portcullis Security
NCC Group -
ambient replied to the topic GPEN practice tests/questions in the forum GPEN – GIAC Certified Penetration Tester 8 years, 12 months ago
I took GPEN test at the end of February, and felt that the test exam is a bit more difficult than the practice test. If you are going to prepare yourself with the practice test, you could do it once. I did it twice, and found that the questions were reused as ajohnson said.
Make sure that you prepare with the contents of the materials. You will be fine.
-
ambient replied to the topic my article is now on the infosec institute website in the forum Links to cool sites. 9 years, 1 month ago
??? How could one apply for a researcher position there?
-
ambient replied to the topic my article is now on the infosec institute website in the forum Links to cool sites. 9 years, 1 month ago
Good article from infosec institute!!
Is there any requirement to submit the article to infosec institute? Do you need to be a researcher there before writing an article? -
ambient replied to the topic Suggest me a e-book for understanding basics of buffer over flow? in the forum Programming 9 years, 8 months ago
A nice video tutorial set from securitytube.net,
http://www.securitytube.net/groups?operation=view&groupId=4I’m quite sure you might like it 8).
-
ambient replied to the topic Report for eLearnsecurity in the forum General Certification 10 years, 4 months ago
@MaXe wrote:
http://www.hacking-lab.com/events/swiss-cyber-storm-3-cargame-challenge.html
Well, it left blank wile I took a visit.