I have decided to start studying towards a CISSP and / or an OSCP, as part of that I saw an excellent blog post recommending to go through a lot of CTF challenges from vulnhub.com. These are my Kioptrix walkthrough guides / findings and observations for each of the first Read more…
This is a WordPress Security mega-post containing a lot of best-practice information on securing, hardening, updating and maintaining a WordPress site. Used by more than 60 million websites, including 30% of the top 10 million websites as of April 2018, WordPress is the most popular website management system in use. Read more…
Metasploit for website pentest using wmap. This is a short tutorial on using the wmap module inside metasploit. Wmap is a web application scanner that runs within metasploit. We can use wmap to get an outline of the application we are probing. Start dvwa inside vagrant In this tutorial I’ll Read more…
Continuing on from my original metasploit beginners tutorial, here is a slightly more advanced Metasploit tutorial on how to use metasploit to scan for vulnerabilities. The outcome of this tutorial will be to gather information on a host and its running services and their versions and vulnerabilities, rather than to Read more…
This is a simple Vega scanner tutorial for beginners on XSS scanning with vega scanner in kali linux. VEGA is an open-source web security scanner, written in java with a GUI. you can scan for XSS issues and can also scan for SQL injection vulnerabilities. In this short introduction tutorial Read more…
Blackarch pacman package groups Install with pacman -S groupname to quickly install a bunch of tools in one command: This info is available in the blackarch developers guide here: https://blackarch.org/blackarch-guide-en.pdf – this post is a copy-paste of that info – there are a lot of red-team things in the list, Read more…
This is a basic openvas tutorial for beginners. I will explain a little of how to use openvas web ui to perform a test of your systems. It will give you the basic options for using metasploit msfconsole to run an openvas vulnerability scan. You will also learn how to Read more…
This tutorial is a basic Kali linux arachni tutorial: to get arachni up and running on your kali linux system and perform a basic scan. Arahni is a vulnerability scanner for web-apps, it is installed as part of kali-linux, their site is here Arachni via the command line Open a Read more…
MetaSploit tutorial for beginners This (updated for 2020) MetaSploit tutorial for beginners is meant to be a starting guide on how to use MetaSploit if you have never used it before. It assumes that you already have MetaSploit installed and that it works, or that you are running Kali / Read more…
Jonathan Mitchell Portfolio About Me I have a BSc in Electronic Engineering, and an MSc in Advanced Computer Systems Development with Distinction. I was awarded the University Court Medal for excellence twice – in my PGDIP year, and in my MSc year. I am also a professional member of the Read more…
Wpscan wordpress vulnerability scanner. WPScan is a vulnerability scanner which checks the security of WordPress installations using a black box approach. WpScan checks the security of your wordpress installation by enumerating installed themes and plugins and checking against vulnerability databases for known issues. Details Username enumeration (from author querystring and Read more…
This is a short nessus tutorial to help you get to grips with nessus. Nessus is a vulnerability scanner. Nessus can scan your assets for network security vulnerabilities. Nessus allows you to be proactive in securing your base so that all your base belongs to you :D Nessus tutorial quick Read more…