I have decided to start studying towards a CISSP and / or an OSCP, as part of that I saw an excellent blog post recommending to go through a lot of CTF challenges from vulnhub.com. These are my Kioptrix walkthrough guides / findings and observations for each of the first Read more…
This is a WordPress mega-post containing a lot of best-practice information on securing, hardening, updating and maintaining a WordPress site. Used by more than 60 million websites, including 30% of the top 10 million websites as of April 2018, WordPress is the most popular website management system in use. (wikipedia) Read more…
Metasploit for website pentest using wmap. Wmap is a web application scanner that runs within metasploit. We can use wmap to get an outline of the application we are probing. Start dvwa inside vagrant In this tutorial I’ll be using dvwa in vagrant as my target If you dont have Read more…
Continuing on from my original metasploit beginners tutorial, here is a slightly more advanced Metasploit tutorial on how to use metasploit to scan for vulnerabilities. The outcome of this tutorial will be to gather information on a host and its running services and their versions and vulnerabilities, rather than to Read more…
This is a simple Vega scanner tutorial for beginners on XSS scanning with vega scanner in kali linux. VEGA is an open-source web security scanner, written in java with a GUI. you can scan for XSS issues and can also scan for SQL injection vulnerabilities. In this short introduction tutorial Read more…
Blackarch pacman package groups Install with pacman -S groupname to quickly install a bunch of tools in one command: This info is available in the blackarch developers guide here: https://blackarch.org/blackarch-guide-en.pdf – this post is a copy-paste of that info – there are a lot of red-team things in the list, Read more…
This is a basic openvas tutorial for beginners. I will explain a little of how to use openvas web ui to perform a test of your systems. It will give you the basic options for using metasploit msfconsole to run an openvas vulnerability scan. You will also learn how to Read more…
This tutorial is a basic Kali linux arachni tutorial: to get arachni up and running on your kali linux system and perform a basic scan. Arahni is a vulnerability scanner for web-apps, it is installed as part of kali-linux, their site is here Arachni via the command line Open a Read more…
MetaSploit tutorial for beginners This MetaSploit tutorial for beginners is to be a starting guide for how to use MetaSploit. It assumes that you already have MetaSploit installed, or that you are running Kali / backtrack Linux. The basic concept of how to use MetaSploit is as follows:– Run msfconsole Read more…
Wpscan wordpress vulnerability scanner. WPScan is a vulnerability scanner which checks the security of WordPress installations using a black box approach. WpScan checks the security of your wordpress installation by enumerating installed themes and plugins and checking against vulnerability databases for known issues. Details Username enumeration (from author querystring and Read more…
This is a short nessus tutorial to help you get to grips with nessus. Nessus is a vulnerability scanner. Nessus can scan your assets for network security vulnerabilities. Nessus allows you to be proactive in securing your base so that all your base belongs to you :D Nessus tutorial quick Read more…