Penetration Testing Tips & Tricks

From Security Weekly Wiki



Analysis of Private Browsing Modes in Modern Browsers


AntiForensics and Bugs -- When Forensics Tools Lie to You

Apache Hardening

Apple Quicktime RTSP Vulnerability



Armitage with Raphael Mudge

Arp Cache Poisoning

Attacking Networked Embedded Devices



BackTrack on USB on Mac

BackTrack 4 on an SD Card

Banner Grabbing with Nmap

Base64 on a Network

Basic Auth and Base64 Encoding

Botnet Control for Smartphones over SMS


CANBUS: Hack Your Car

Centos 5 Hardening

Claymore: Protecting your WiFi with some C4 and Balls of Steel

Cobalt Strike with Raphael Mudge

Commoditization of Malware Distribution

CSRF, the First

CSRF Made Easy with XSSF by John Strand

CSRF Scanning with Pinata

CSRF Testing with Burp by John Strand (YouTube video)


Data Mining Event Tracing for Windows


Defcon Badge Challenge

Dirbuster, Nikto and http-dir-enum

Disclosure Debate

DLL Injection

DLink DCC Bypass

DNS Enumeration

DNS Enumeration with Metasploit


Dradis Framework with Daniel Martin


EEEPC, Backtrack and Ubuntu

Evite Hacking with Trent Lo

Executing from Memory with Carlos Perez

ExifTool: Removing JPG Metadata

EXIFtool: Not Just for JPEG

EXIF Gathering Info From the President's Photo


Facebook Password Lists with Ron Bowes

Fiddler2 with John Strand

Firefox Add-ons for Your Users

Firefox Password Recovery

Firmware Analysis

Firmware Reverse Engineering Primer

Framing (Social Engineering) with Chris Hadnagy

FreeZeus Botnet in a VM Lab

Fuzzing HTTP Directories with wfuzz, Nikto, Nessus and DirBuster


Gentoo Portage

GISkismet For More Than Hacking

Google Hacking

Google Queries to Run Against Your Own Domain

GPG/PGP Keytrusts

GXFR with Tim Tomes


Hack Lab Setup

Hardening Linux

Hardware Hacking: Getting Started

Hash Passing

Hashdump in Metasploit

Honeyports (Linux)

Honeyd for SCADA Emulation

Honeyports (Windows)

Hydra, Without the Lockout


IDS/IPS with Darren Wigley

Immunity Debugger

iPhone Application Reversing and Rootkits with Eric Monti

iPhone Security

iPhone Security 2

iPhone Pwnage and Defense

iPhone Application Reversing and Rootkits


Java Signed Applet Exploit with Metasploit

Jaseger on the LaFonera and Part II and Part III

Just Plane Fun - A Story About Bob


Karmetasploit for BackTrack 4

Kismac: Things That Surprise Me

Kismet Drone on OpenWrt Kamikaze Using Madwifi

Kismet Drone on OpenWrt Whiterussian 0.9

Kismet Information Gathering

Kismet Simultaneous Multiple Channel Sniffing


Kon-Boot Follow-Up

Kon-Boot over PXE and Admin Randomization


Larry's Hacker Keychain

Linux Hardening

Linux Honeyports

Log History Collection on Windows


Mailman Installation

Mantech Memory DD

Memory Analysis

Metagoofil: Google, Document Metadata and You

Metasploit with HD Moore

Metasploit and the Auto Exploit Plugin

Metasploit Bypassing AV Software

Metasploit Cheat Sheet

Metasploit's db_autopwn

Metasploit Java Signed Applet Exploit

Metasploit Persistence

Metasploit and Easy RFI Shell


MitM Attacks in a Virtual World

Mobile Device Hacking with Charlie Eriksen



Nessus and Metasploit: Probing and Exploiting for Free!

Paul's Nessus Scanning VM

Nessus Scanning Through a Metasploit Meterpreter Session

Nessus Upgrade 3.2.0

Nessus Vulnerabilities by IP Address

Netcat Relays with Ed Skoudis

Network Forensics

Nikto 2.0.1

Nmap Rogue Access Points

Nmap to Screenshot Web Services

Nmap Version 5

Nmap vs. SMB with Ron Bowes

Stealthy Nmap Host and Service Discovery Scanning

NTFS MFT Timelines and Malware Analysis with Tim Mugherini

NetNTLm Hashes and Cracking Them by Tim Medin


OS X - From Recon to Exploit

OS X Sandbox

OS X Security Tips


P2P Information Disclosure

Packet Evasion with Judy Novak

Password Auditing with Larry Pesce

Password Brute Forcing (plus see Robin Wood's CEWL)

Password Strength

Pen Testing: The Unanswered Questions

Pen Testing: Quick Tips

Pen Testing War Stories

pfSense for Pentesters with Larry and Darren

pfSense on an Alix.6e1 Installation

pfSense on an Alix.6f2 Installation

PDF Metadata Removal

phpMyAdmin Detection

Physical Security

Post-Exploitation Enumeration on OS X

Prison Electronic Systems and PLCs

Pushpin Released

Pushpin Revisited

PRAEDA and Multi-Function Printers

Pre Hacking

ProxBrute with Brad Antoniewicz


Quick Tips for Penetration Testing


Reconnoiter for Harvesting Usernames from Social Media

Reconnoiter with Mark Baggett

RFI Shell Using Metasploit

Router Hacking - Kyocera-KR1



Security Fail

Security Onion by Doug Burk

SHODAN - Like a Kid in a Candy Store

Single Packet Authorization with Sebastien Jeanquier

Skipfish Web App Scanner with Zach Lanier

Snorting your Network

Social Engineering: What's Next? with Sharon Conheady

Social Engineer Your Management

Social Engineering Using Product Packaging

Social Engineering Toolkit (SET) with Dave Kennedy

Software Defined Radio for Pentesting

Software Update Security with Derek Callaway

Speaking with Cryptographic Oracles


SQL Injection

SQL Injection with Allison Nixon

SQLMap with John Strand

SSH Credential Capturing

SSH Distribution


Stuxnet First Impressions



Taking Over the World One Device at a Time

Tips on Web App Testing

TAOF Fuzzing

Tor Scanning

Tor and Web Crawling

TP-Link TL-WR703n Pen Testing Drop Box with Kevin Bong

Traps of Gold

Transparent Botnet Control for Smartphones over SMS with Georgia Weidman

True Stories from Real Penetration Tests




UPnP Detection and Exploitability

UPnP Hacking for Penetration Testers


Malicious USB Devices



VOIP Insecurity and Jumping VLANs

VOIPSA's VoIP Security Tool List with Dan York

Volatility Framework

VPN Penetration



w3af with Seth Misenar

War Dialing Over VoIP Systems and using Tor, with Dan King

Web App Testing

Web Crawling & Recon

Web Crawling with wget


WebLabyrinth Revisited

What's that Web Server? (Using Nmap) and Tying it All Together

wfuzz - Fuzzing Your Web Apps

WiFi Attack Automation

Windows Memory Testing

Windows XP Favorite Security Tools

Windows File Pseudonyms with Dan Crowley

Windows Firewall & Logging with John Strand

Windows HoneyPorts

Windows Log History Collection

Windows Prefetch

Windows Remote Management

Windows Volume Shadow Copy Service and Concealing its Storage

WinEnum with Carlos Perez

Wireless Hackery with Ben Jackson

WMIC: Windows Management Instrumentation CLI

WMIC in Shell

WMIC Scripts

WordPress Password Brute-Force with Hashcat on BT5

Wordpress Plugin Security with Charlie Eriksen

WPAD Attacks with Metasploit

WRT54GL as a Kismet Drone


Xplico Network Packet Analysis

XSRF Scanning with Pinata

XSS Street-Fight with Ryan Barnett


Zeroconf and Device Exploitation

ZigBee for Beginners

Zone Transfers and Embedded Systems with Robin Wood