Search the Community
Showing results for tags 'pentest'.
Found 8 results
Product Security Engineer @Fitbit
crash4g posted a topic in Locuri de muncaFitbit is building a new security team in Bucharest. Full details here: https://grnh.se/gmt7lrkc1 Brief description of the job: The application security team at Fitbit is responsible for overseeing the secure design and implementation of applications. We do this by: Consulting with software engineers to ensure the relevant controls are built into their work Assessing software produced by Fitbit and its partners Participating in the security community to understand new and emerging threats We try to find achieve our mission through innovative ways of collaborating with our software teams that allow them to continue to deliver at scale and ve What You’ll Work On: Conduct threat modelling exercises New security sensitive functionality (e.g. changes to authentication flows) require a security team member to be involved New application infrastructure, e.g. entirely new SOA services required a feedback from a security engineer Provide application security consulting to engineers Perform manual and automated code review Our goal is to automate us much of our role as possible Create rules to help us to identify software that should be manually reviewed by a skilled application security engineer Help enable self-service reviews for engineers Work on tooling to expedite the process of doing software reviews Perform ad-hoc application assessments Assist with Fitbit’s Bug Bounty programs Help with the replication, prioritization and filing of issues identified via our bug bounty programs Assist with Fitbit’s developer outreach efforts Share root cause analysis information with our outreach team to ensure we’re educating our engineers about common security pitfalls and how to avoid them Required Skills: Significant experience in application penetration testing and source code review Knowledge of mobile and web application architecture Ability to read and break code written in different languages, emphasis on Java Strong understanding of applied cryptography Strong understanding of web application security technologies like CORS, OAuth, JSONP and browser security concepts such as the same origin policy Experience with static and dynamic application security tools A passion for security and technology Experience in a variety of software development environments and knowledge of contemporary agile software development methodologies Experience with test-driven development and other agile practices Broad knowledge of all areas of information technology including networking, operating systems and ideally application development Strong software development skills in at least one language Aspires to develop a deep understanding of information security Experience as a system administrator or security engineer Experience with managing information security incidents Solves problems through scripting and automation Willing to learn new things Willing to look at for innovative or non-standard solutions to problems Good sense of humor Calm under pressure Good time management skills Interactions with other teams The application security team is responsible for consulting with software engineering teams about the best and safest way to implement their features. They are also responsible for reviewing the output of software engineering teams for safety. As such, strong interpersonal skills are required. This person needs to be able to diplomatically provide software engineers with advice, and to coach developers through problems that may be identified in their work. The successful applicant will be able to positively influence software engineers’ behaviour through their interactions. Nice-to-Have Skills: Have a strong development background Background in infrastructure penetration testing Experience with compliance such as PCI and/or ISO27000 Experience with exploit/proof of concept development Experience in information security consulting Experience in in-house application security teams at larger technology companies with a reputation for security engineering Had incident response experience Developed tooling to automate information security tasks Have a wide knowledge from diverse parts of IT Worked on open source security projects
DAMN VULNERABLE WEB APPLICATION
davidmk posted a topic in Challenges (CTF)DVWA sau DAMN VULNERABLE WEB APPLICATION o chestie tare interesanta ce merita incercata de junior pentesteri wannabe. Aveti grija sa nu instalati aplicatia pe un server de web hosting impreuna cu alte site'uri ale voastre daca aveti sau ale clientilor vostri. Il instalati pe wamp/xamp/nginx in functie de caz. O sa pu git'ul ca si link deoarece ar fi interesant sa contribuie lumea la dezvoltarea aplicatiei si a unor noi nivele cu dificultate ridicata. https://github.com/RandomStorm/DVWA
Pentest phases - Adeptus Mechanicus
Amidamaru posted a topic in Tutoriale in englezaUn write up frumos din partea unei tanti din Romania ce aparent traieste in Canada. Contine cateva puncte bune. " Are penetration testing phases different from the ones of a malicious attack? The answer is no. Both malicious attackers and penetration testers go through the same stages or phases in their attacks/tests: 1. Gathering Information phase. During this stage, as much as possible data on the target is collected (e.g. the target IP address range, domain name registration records, mail server records, etc.), to design the blueprint of the target. 2. Scanning phase. The target is scanned for entry points such as wireless access points, lnternet gateways, available systems, running services, vulnerability lists, and port listening. Other tests would check if default user IDs, passwords, and guest passwords have been disabled or changed and no remote login is allowed. 3. Gaining Access phase. Based on the vulnerabilities which were identified during scanning, attempts are made to access the system. To accomplish this task, one could use automated exploit tools, or legitimate information obtained from social engineering. 4. Maintaining Access phase. Once access has been acquired, attempts are made to escalate the privileges to root/admin and then to upload a piece of code (also named “backdoor”) on the target so that access to the target is maintained independent from the authorized entry points into the system/network. This will allow to connect to the target anytime. 5. Covering Tracks phase. This phase is same important as the previous ones, as leaving a mark can show how elevated access to protected resources can be obtained and this information can be later on maliciously be used by others with access to the system. This phase involves restoring the system to normal pretest configurations, which includes removing files, cleaning logs, registry entries, deleting the uploaded backdoor, etc. " Source: Adeptus Mechanicus PenTest - DEICE-S1.140
Unde sunt baietii buni?
Vehuiah posted a topic in Cosul de gunoiAm auzit de la un prieten ca ar fi o echipa de pentesteri la Bucuresti,(surprinzator) avand ca scop strict pentesting-ul. Aveti mai multe informatii? Caut echipe din toata tara, consultanti in securitate etc. Sa vedem! (carti de vizita,site-uri, nr de telefon)
Fi8sVrs posted a topic in Programe securitateSPIP (CMS) Scanner for penetration testing purpose written in Python, and released under MIT License. This tool has been designed to perform detection of SPIP installs during penetration testing. Currently, the tool detects the version of the SPIP install and tries to detect if the platform uses some of the top 30 plugins (listed on their website) Usage: $ python spipscan.py Usage: spipscan.py [options] Options: -h, --help show this help message and exit --website=WEBSITE Website to pentest --path=PATH Path for webapp (default : "/") --plugins Detect plugins installed --themes Detect themes installed --users Bruteforce user logins --sensitive_folders Detect sensitive folders --version Detect version --vulns Detect possible vulns --bruteforce_plugins_file=BRUTEFORCE_PLUGINS_FILE Bruteforce plugin file (eg. plugins_name.db) --bruteforce_themes_file=BRUTEFORCE_THEMES_FILE Bruteforce theme file (eg. themes_name.db) --bruteforce_logins_file=BRUTEFORCE_LOGINS_FILE Bruteforce login file (eg. user_logins.db) --verbose Verbose mode Version detection: $ python spipscan.py --website=http://127.0.0.1 --version Result: Application is located here : http://127.0.0.1/ [!] Version is : 3.0.13 [!] Plugin folder is : plugins-dist/ Plugins detection: $ python spipscan.py --website=http://127.0.0.1 --plugins Result: [!] Plugin folder is : plugins-dist/ [!] folder plugins-dist/ is accessible [!] Plugin breves detected. Version : 1.3.5 [!] Plugin compagnon detected. Version : 1.4.1 [!] Plugin compresseur detected. Version : 1.8.6 [!] Plugin dump detected. Version : 1.6.7 [!] Plugin filtres_images detected. Version : 1.1.7 [!] Plugin forum detected. Version : 1.8.29 [!] Plugin jquery_ui detected. Version : 1.8.21 [!] Plugin mediabox detected. Version : 0.8.4 [!] Plugin medias detected. Version : 2.7.51 [!] Plugin mots detected. Version : 2.4.10 [!] Plugin msie_compat detected. Versoin : 1.2.0 [!] Plugin organiseur detected. Version : 0.8.10 [!] Plugin petitions detected. Version : 1.4.4 [!] Plugin porte_plume detected. Version : 1.12.4 [!] Plugin revisions detected. Version : 1.7.6 [!] Plugin safehtml detected. Version : 1.4.0 [!] Plugin sites detected. Version : 1.7.10 [!] Plugin squelettes_par_rubrique detected. Version : 1.1.1 [!] Plugin statistiques detected. Version : 0.4.19 [!] Plugin svp detected. Version : 0.80.18 [!] Plugin textwheel detected. Version : 0.8.17 [!] Plugin urls_etendues detected. Version : 1.4.15 [!] Plugin vertebres detected. Version : 1.2.2 The next example performs brute force to detect existing plugins : $ python spipscan.py --website=http://website.com --plugins --bruteforce_plugins=plugins_name.db Plugins bruteforce: $ python spipscan.py --website=http://127.0.0.1 --bruteforce_plugins=plugins_name.db Result: Application is located here : http://127.0.0.1/ [!] Plugin folder is : plugins/ [-] Access forbidden on folder. [-] Trying : http://127.0.0.1/plugins/cfg/plugin.xml [-] Trying : http://127.0.0.1/plugins/cfg/paquet.xml [-] Trying : http://127.0.0.1/plugins/spip-bonux-3/plugin.xml [-] Trying : http://127.0.0.1/plugins/spip-bonux-3/paquet.xml [-] Trying : http://127.0.0.1/plugins/couteau_suisse/plugin.xml [-] Trying : http://127.0.0.1/plugins/couteau_suisse/paquet.xml [-] Trying : http://127.0.0.1/plugins/couteau_suisse_191/plugin.xml [-] Trying : http://127.0.0.1/plugins/couteau_suisse_191/paquet.xml [-] Trying : http://127.0.0.1/plugins/saisies/plugin.xml [-] Trying : http://127.0.0.1/plugins/saisies/paquet.xml Themes detection: $ python spipscan.py --website=http://127.0.0.1 --themes Result: Application is located here : http://127.0.0.1/ [-] We haven't been able to locate the themes folder Themes bruteforce: $ python spipscan.py --website=http://127.0.0.1 --bruteforce_themes=themes_name.db Result: Application is located here : http://127.0.0.1/ [!] Theme folder is : themes/ [-] Access forbidden on folder. [-] Trying : http://127.0.0.1/themes/scolaspip_3_0/plugin.xml [-] Trying : http://127.0.0.1/themes/scolaspip_3_0/paquet.xml [-] Trying : http://127.0.0.1/themes/theme_einsteiniumist/plugin.xml [-] Trying : http://127.0.0.1/themes/theme_einsteiniumist/paquet.xml [-] Trying : http://127.0.0.1/themes/theme_brownie/plugin.xml [-] Trying : http://127.0.0.1/themes/theme_brownie/paquet.xml [-] Trying : http://127.0.0.1/themes/theme_brownie_v1/plugin.xml [-] Trying : http://127.0.0.1/themes/theme_brownie_v1/paquet.xml [-] Trying : http://127.0.0.1/themes/theme_darmstadtiumoid/plugin.xml [-] Trying : http://127.0.0.1/themes/theme_darmstadtiumoid/paquet.xml [-] Trying : http://127.0.0.1/themes/squelette_darmstadtiumoid/plugin.xml [-] Trying : http://127.0.0.1/themes/squelette_darmstadtiumoid/paquet.xml [-] Trying : http://127.0.0.1/themes/theme_brominerary/plugin.xml [-] Trying : http://127.0.0.1/themes/theme_brominerary/paquet.xml [-] Trying : http://127.0.0.1/themes/theme_tincredible/plugin.xml [-] Trying : http://127.0.0.1/themes/theme_tincredible/paquet.xml [-] Trying : http://127.0.0.1/themes/theme_maparaan/plugin.xml [-] Trying : http://127.0.0.1/themes/theme_maparaan/paquet.xml [-] Trying : http://127.0.0.1/themes/theme_initializr/plugin.xml [-] Trying : http://127.0.0.1/themes/theme_initializr/paquet.xml [-] Trying : http://127.0.0.1/themes/theme_ooCSS/plugin.xml [-] Trying : http://127.0.0.1/themes/theme_ooCSS/paquet.xml [-] Trying : http://127.0.0.1/themes/theme_californiumite/plugin.xml Vulnerabilities identification: $ python spipscan.py --website=http://127.0.0.1 --vulns Result: Application is located here : http://127.0.0.1/ [!] Version is : 2.1.12 [!] Plugin folder is : plugins/ [!] Potential Vulnerability : (versions : 2.0.21/2.1.16/3.0.3), SPIP connect Parameter PHP Injection, details : http://www.exploit-db.com/exploits/27941/ Sensitive folder identification: $ python spipscan.py --website=http://127.0.0.1 --sensitive_folders --verbose Result: Application is located here : http://127.0.0.1/ [!] Directory listing on folder : IMG/ [!] Directory listing on folder : prive/ [!] Directory listing on folder : local/ [!] Directory listing on folder : config/ [!] Directory listing on folder : local/ Bruteforce login on SPIP (v. 2.0.X): $ python spipscan.py --website=http://127.0.0.1 --path=/spip/ --users --bruteforce_logins_file=user_logins.db --verbose Result: Application is located here : http://127.0.0.1/spip/ [!] Version (in Headers) is : 2.0.24 Accessing http://127.0.0.1/spip/spip.php?page=login Form action args grabbed : 22S1TEIR6Ic7X9s41uTT+P8ntpRsNhjruYi5UZ5P8VMJ5VjfgqFrBeoa5+xz/roi9UtxAqw+j7bSTZiHHwjtj/kkOnzorNLXOneOGWXYIgNJI3uZdvq374q8NtT5nL7n56mO4+rJePWrUAhEXw== [!] Login found : admin [-] Tried login : administrator [-] Tried login : test [-] Tried login : guest [-] Tried login : root [-] Tried login : backup Download ZIP Source
Versus71 posted a topic in Programe hackingSIP Inspector is a tool written in JAVA to simulate different SIP messages and scenarios. You can create your own SIP signaling scenarios, customize SIP messages and monitor incoming and outgoing messages. The tool can play RTP streams from a pcap. SIP Inspector Tutorial - SIP Inspector Download SIP Inspector from SourceForge.net
Open Penetration Testing Bookmarks Collection...is just that, a collection of handy bookmarks I initially collected that aid me in my day to day work or I find in the course of research. They are not all inclusive and some sections need to be parsed but they are all good reference materials. I find having this Hackery folder in Firefox an easy way to reference syntax, tricks, methods, and generally facilitate and organize research. Categories: Hacker Media Blogs Worth It Forums Magazines Video Methodologies OSINT Presentations People and Organizational Infrastructure Exploits and Advisories Cheatsheets and Syntax Agile Hacking OS and Scripts Tools Distros Labs ISOs and VMs Vulnerable Software Test Sites Exploitation Intro Reverse Engineering & Malware Passwords and Hashes Wordlists Pass the Hash MiTM Tools OSINT Metadata Google Hacking Web Attack Strings Shells Scanners Burp Social Engineering Password Metasploit MSF Exploits or Easy NSE Net Scanners and Scripts Post Exploitation Netcat Source Inspection Firefox Addons Tool Listings Training/Classes Sec/Hacking Metasploit Programming Python Ruby Other Misc Web Vectors SQLi Upload Tricks LFI/RFI XSS Coldfusion Sharepoint Lotus JBoss VMWare Web Oracle App Servers SAP Wireless Capture the Flag/Wargames Conferences Misc/Unsorted Bookmarks List