PRINT
PRINT
SEND MAIL
SEND MAIL

Month: October 2017

TUTORIALS

Metasploitable 3: Meterpreter Port forwarding

In this Metasploitable 3 Meterpreter Port forwarding hacking tutorial we will learn how to forward local ports that cannot be accessed remotely. It is very common and good practice to run specific services on a local machine and make them available to that local machine only instead of the full network. On a local network these services are typically administration panels used to configure hardware or software on a single machine which doesn’t need to expose these services to the full network, just like…

METASPLOIT TUTORIALS

Testing SMB Server Security with Metasploit Pro Task Chains: Part 1

Server Message Block, or SMB, is an application protocol that is normally used to share files or printers and other devices. When combined with DCE/RPC, SMB can even give you remote control of a Windows machine over a network. It is also a protocol that is highly dangerous if not properly defended, as shown by a series of high-profile attacks that cost billions of dollars in damages (e.g., WannaCry, SMBLoris, Not-Petya, other attacks exploiting EternalBlue). Protecting SMB is a serious business, but it can…

TUTORIALS

Pentester Candidate Program November 2017

On Saturday the 18th of November 2017, Strategic Security/InfoSec Addicts relaunched the Pentester Candidate Program. This program is designed to satisfy the basic requirements of a penetration tester. The program will cover the most common technical and soft skill requirements. Top candidates will later receive job interviews for a remote penetrating testing job. This is through partnership with several penetration testing firms Top candidates may receive interview opportunities for a cleared penetration testing position. This is more so for those with a US Security…

TUTORIALS

Advanced Burp Suite

Burp Suite is one of the most popular web application security testing tools. It has a ton of features and can do everything from intercepting and modifying HTTP requests/responses in real time, to scanning web applications for vulnerabilities, to brute forcing login forms, to testing the entropy of session tokens, and it even allows you to increase its functionality by writing plugins for it. As awesome as the tool is – surprisingly few people are really comfortable with it. I decided to put together…

TUTORIALS

Extraction of Cookies in iOS Forensics

All activities of an iOS device user are stored inside the device in different formats and for various purposes as well. This evidence is apparently collected for the sake of serving the iOS user in the very first place. However, this is not the complete case. It is because the evidence obtained and stored cookies are even much more than what the user could ask for or need. Information just like locations, messages, contacts, web surfing habits, notes, pictures and more are available on…

TUTORIALS

Extraction of applications,photos,passwords – iOS forensics

Extraction of applications,photos,passwords – iOS forensics – There are several directories that one can find for investigation purposes inside an iOS. It is irrespective of whatever the device model is. The structure of directories is common among all iOS devices. The layout utilized for it is a UNIX layout. It is very vital to mention that different file formats exist in this case. Thus, there are some files of format XML, binary data, or SQL databases. Alright, so how are we going to investigate…

TUTORIALS

Artifacts of an IOS device

Artifacts of an IOS device This important file is located inside the folder of the root application.Relevant information about the device of interest may be revealed from this critical file. Such information includes the name of the used Apple Account and the date when the iPhone device was primarily purchased by the user. The importance of such information may vary according to the case being investigated.One of the following files will appear in each directory of an application on the iOS device:AccountURLBagType: in a…