info@binsec.com
English
Deutsch
English
Wiki
Keywords
Deutsch
English
binsec wiki
binsec academy GmbH
Preface
Dear participants, Welcome to our online “Pentest Training” course. Before you start stretching your fingers and rolling up your sleeves, …
Introduction
Specialists in IT security are in demand like never before. Threats from online attackers are increasing in particular. To protect …
Legal Framework
Before our journey as penetration testers can begin, we need a goal in mind. After all, a long-distance runner doesn’t …
Hacking vs. Penetration Testing
The legal framework yields the following insight: hacking is different from penetration testing. As we have already touched upon indirectly …
Classification
Hackers are unpredictable. Under normal circumstances, their identity or the number of attackers who are targeting a given company remain …
Austria
Several elements of an offence may be used for the prosecution of cybercrime in Austria. As it relates to penetration …
Germany
The legal situation in Germany is similar to Austrian case law. A law was passed in May 2007 against “arranging …
Meaningfulness of Penetration Tests
Now that we know how to classify a penetration test, the question remains how meaningful a simulation of such an …
Penetration Testing Standards
It is normal for the quality of a product to differ from service provider to service provider. Naturally, this also …
Demonstration of a Penetration Test
So far, we have looked at the technical processes of an attacker as individual pieces of the puzzle, which still …
The Hacking Guide
Taking a look back, we learned about non-technical but essential aspects of penetration testing in the last chapters. In a …
Phase 1: Identification of the network areas
Oblivius Education Inc. is a fictitious startup company that develops mobile applications for creating cheat sheets. The cheat sheet for …
Phase 2: Identification of the accessible servers and services
To identify the accessible IT systems within the network range, a ping scan was performed with nmap, which found two …
Phase 3: Identifying vulnerabilities
In addition to targeted DNS queries, further vulnerabilities were searched for based on the name server’s version number. The software …
Phase 4: Exploitation of Vulnerabilities
The previously SQL injection revealed not only the database version, but it was also possible to extract any database content. …
Risk Assessment of Identified Vulnerabilities
For an attacker, intruding into IT systems can be very thrilling. However, we should never lose sight of our real …
Structure of Documentation and Reporting
Looking back at the beginning of our journey as a penetration tester, let’s remember that our client asked us to …
Insider stories: Tales from Dubius Payment Ltd.
The hacker group “Black Shadow“... Up until recently, the ’Black Shadow’ hacker group was known for credit card fraud, which …
Pentest Training
Learn Penetration Testing Discover the world of penetration testing. Learn how to infiltrate networks and successfully penetrate systems and applications. …
Hacking I: Scanning networks
In some cases, we need to identify the network ranges of a company ourselves for penetration testing. In the case …
Tool introduction: nmap
To identify accessible servers in a network range, nmap can perform a ping sweep using the ICMP protocol. In this …
Tool introduction: netcat
Now that we are able to identify open ports and accessible services on a target system, we can also communicate …
Tool introduction: dig
The domain name can provide important information about the job of a target system: As humans have a hard time …
Particularities of IPv6 networks
In this day and age, networks can no longer be scanned only on IPv4 networks. Many companies are gradually migrating …
Hacking II: Password attacks
In review, scanning networks is the foundation of any attack, as this allows us to discover our attack surface. But …
Online password attacks
Network services usually authenticate their users by means of a user name and associated password. If we know of the …
Offline password attacks
Unlike online password attacks, the hashes of the user passwords are available for offline password attacks. A cryptographic hash function …
Hacking III: Web application attacks
User authentication by password is often implemented in web applications. Individual users may be assigned different roles. As a payment …
SQL Injections (SQLi)
According to the OWASP TOP 10, injections are among the three most common vulnerabilities in web applications. This also includes …
Cross-Site Scripting (XSS)
In addition to SQL injection, injection attacks also include cross-site scripting. Due to the lack of input validation, cross-site scripting …
Hacking IV: Privilege Escalation
We have successfully mastered our first step as an attacker: executing commands on our target system. But in most cases, …
Information Gathering
The phase of collecting information is an important part in our process. We are especially looking for information concerning the …
Local Root Exploits
So-called local root exploits often exist especially for older operating systems, which exploit vulnerabilities in the kernel when expanding privileges, …
File Transfer
After we have “built“ an exploit locally on our attacking machine, we still have to transfer it to the target …
Hacking V: Tunnelling Techniques
We deliberately also kept an eye out for network information during privilege escalation, because IT infrastructure is often split into …
Hacking VI: Vulnerability scanner and penetration testing frameworks
It goes without saying that many processes in a penetration test can and should be automated. We can write scripts, …
Secure Coding Training
Secure Coding of binsec academy GmbH Here you will find the documents for the Secure Coding Training of binsec academy …
Preface
Dear participants, Welcome to our “Secure Coding“ online course. Before you stretch your fingers and start rolling up your sleeves, …
Tales from Dubius Payment Ltd.
Dubius Payment Ltd. is a relatively new payment service provider. As the company processes credit card information in its systems, …
Common Vulnerability Scoring System (CVSS)
As is common with estimates, risk is assessed differently depending on the perception and experience of the pentester - even …
Risk Response Strategies
As a pentester, it would be a mistake to assume that all vulnerabilities will be fixed on the client's side. …
Tool introduction: masscan
When performing a port scan against an IT infrastructure, we must assume that services can be accessed via any IP …
Broken Access Control
In 2021, vulnerabilities in authorization scheme were ranked as the top risk in web applications by the OWASP Top 10 …