Tag
PenTest+ is one of the most recent CompTIA cyber security certifications, it is designed for cyber security professionals or students who aspire to be in a role with an emphasis in penetration testing and the offensive side of cyber security.
It was initially released on the 31st July 2018 and since at the time I was preparing for OSCP and I had already done A+, Network+ and Security+ I thought this was the best way forward.
Read moreThis was an easy Windows box that involved exploiting the EternalBlue SMB vulnerability which is part of the MS17-010 security bulletin.
Read moreNmap is a free and open-source network scanner that is often used during penetration tests to discover hosts and services on a computer network by sending packets and analyzing the responses.
The tool provides a number of features top help identifying services and their versions, testing for known vulnerabilities, bruteforcing credentials, detecting operating system information and much more.
Read moreWhen interviewing for a penetration testing job, you will most probably be required to answer a number of technical questions so that the interviewer can get a good understanding of your current level of knowledge and skill.
This guide will try to cover the most common questions that you are likely to come across during a pentesting interview. If you are already a penetration tester or have been studying pentesting for a while, most of these concepts and techniques should already be very familiar to you.
Read moreWindows operating systems, like most systems, have a way of scheduling the launch of programs or scripts based on certain time intervals to help automate recurring tasks. This can often become weaknesses and allow attackers to escalate privileges to root if improperly configured.
This guide will go through the main methods used to exploit scheduled tasks.
Read moreThis was a fairly easy Linux box that involved exploiting an arbitrary file upload vulnerability in the My Image plugin of the Nibbleblog web application in order to upload a reverse shell, and a script with sudo permissions allowed to escalate privileges to root.
Read moreLXC is the well-known and heavily tested low-level Linux container runtime. It is in active development since 2008 and has proven itself in critical production environments world-wide. LXD is a next generation system container manager. that offers a user experience similar to virtual machines but using Linux containers instead.
The LXC/LXD groups are used to allow users to create and manage Linux containers. These can be exploited by creating a root-level privilege container from the current file system and interacting with it, executing /bin/sh and therefore starting a root shell.
Read moreFTP is a network protocol used to transfer files from a server to a client over a network. FTP servers can be accessed either via the ftp command-line tool or via third-party applications such as FileZilla. This service runs on port 21 by default.
This guide will cover the main methods to enumerate an FTP server in order to find potential vulnerabilities or misconfigurations.
Read moreThe Offensive Security Certified Professional is an ethical hacking certification offered by Offensive Security that teaches penetration testing methodologies and the use of the tools included with the Kali Linux distribution.
It comes with the Penetration Testing with Kali video and PDF course and it’s one of the major certifications in the penetration testing world. In this article I take the time to talk about the journey that brought me to achieving this certification, all of the steps I followed, the learning material and platforms I used to prepare etc.
Read moreUdemy is a platform that allows instructors to build online courses on their preferred topics. Students can purchase courses knowing they have been developed by professionals in a given field which award a certificate upon completion. There are a lot of valid courses on Udemy that teach various IT skills such as programming, networking, cyber security and much more.
If you are looking to start a career in cyber security or more specifically penetration testing, Udemy can be a great place to start.
Read more