binsec wiki
Pentest Training
Germany
The legal situation in Germany is similar to Austrian case law. A law was passed in May 2007 against “arranging …
Information Gathering
The phase of collecting information is an important part in our process. We are especially looking for information concerning the …
Online password attacks
Network services usually authenticate their users by means of a user name and associated password. If we know of the …
Local Root Exploits
So-called local root exploits often exist especially for older operating systems, which exploit vulnerabilities in the kernel when expanding privileges, …
Offline password attacks
Unlike online password attacks, the hashes of the user passwords are available for offline password attacks. A cryptographic hash function …
File Transfer
After we have “built” an exploit locally on our attacking machine, we still have to transfer it to the target …
Demonstration of a Penetration Test
So far, we have looked at the technical processes of an attacker as individual pieces of the puzzle, which still …
Risk Assessment of Identified Vulnerabilities
For an attacker, intruding into IT systems can be very thrilling. However, we should never lose sight of our real …
The Hacking Guide
Taking a look back, we learned about non-technical but essential aspects of penetration testing in the last chapters. In a …
Broken Access Control
In 2021, vulnerabilities in authorization schemes were ranked as the top risk in web applications by the OWASP Top 10 …
Hacking V: Tunnelling Techniques
We deliberately also kept an eye out for network information during privilege escalation, because IT infrastructure is often split into …
Phase 2: Identification of the accessible servers and services
To identify the accessible IT systems within the network range, a ping scan was performed with nmap, which found two …
Phase 1: Identification of the network areas
Oblivius Education Inc. is a fictitious startup company that develops mobile applications for creating cheat sheets. The cheat sheet for …
Hacking VI: Vulnerability scanner and penetration testing frameworks
It goes without saying that many processes in a penetration test can and should be automated. We can write scripts, …
Hacking vs. Penetration Testing
The legal framework yields the following insight: hacking is different from penetration testing. As we have already touched upon indirectly …
Introduction
Specialists in IT security are in demand like never before. Threats from online attackers are increasing in particular. To protect …
Tool introduction: netcat
Now that we are able to identify open ports and accessible services on a target system, we can also communicate …
Tool introduction: masscan
When performing a port scan against an IT infrastructure, we must assume that services can be accessed via any IP …
Risk Response Strategies
As a pentester, it would be a mistake to assume that all vulnerabilities will be fixed on the client's side. …
Austria
Several elements of an offence may be used for the prosecution of cybercrime in Austria. As it relates to penetration …
Legal Framework
Before our journey as penetration testers can begin, we need a goal in mind. After all, a long-distance runner doesn’t …
Cross-Site Scripting (XSS)
In addition to SQL injection, injection attacks also include cross-site scripting. Due to the lack of input validation, cross-site scripting …
Penetration Testing Standards
It is normal for the quality of a product to differ from service provider to service provider. Naturally, this also …
Hacking IV: Privilege Escalation
We have successfully mastered our first step as an attacker: executing commands on our target system. But in most cases, …
Structure of Documentation and Reporting
Looking back at the beginning of our journey as a penetration tester, let’s remember that our client asked us to …
Hacking III: Web application attacks
User authentication by password is often implemented in web applications. Individual users may be assigned different roles. As a payment …
Hacking II: Password attacks
In review, scanning networks is the foundation of any attack, as this allows us to discover our attack surface. But …
Phase 3: Identifying vulnerabilities
In addition to targeted DNS queries, further vulnerabilities were searched for based on the name server’s version number. The software …
Common Vulnerability Scoring System (CVSS)
As is common with estimates, risk is assessed differently depending on the perception and experience of the pentester - even …
SQL Injections (SQLi)
According to the OWASP TOP 10, injections are among the three most common vulnerabilities in web applications. This also includes …
Tool introduction: nmap
To identify accessible servers in a network range, nmap can perform a ping sweep using the ICMP protocol. In this …
Classification
Hackers are unpredictable. Under normal circumstances, their identity or the number of attackers who are targeting a given company remain …
Particularities of IPv6 networks
In this day and age, networks can no longer be scanned only on IPv4 networks. Many companies are gradually migrating …
Phase 4: Exploitation of Vulnerabilities
The previous SQL injection revealed not only the database version, but it was also possible to extract any database content. …
Meaningfulness of Penetration Tests
Now that we know how to classify a penetration test, the question remains how meaningful a simulation of such an …
Pentest Training
Learn Penetration Testing Discover the world of penetration testing. Learn how to infiltrate networks and successfully penetrate systems and applications. …
Tool introduction: dig
The domain name can provide important information about the job of a target system: As humans have a hard time …
Hacking I: Scanning networks
In some cases, we need to identify the network ranges of a company ourselves for penetration testing. In the case …
Preface
Dear participants, Welcome to our online “Pentest Training” course. Before you start stretching your fingers and rolling up your sleeves, …
Insider stories: Tales from Dubius Payment Ltd.
The hacker group “Black Shadow”... Up until recently, the ‘Black Shadow’ hacker group was known for credit card fraud, which …