Search the Community
Showing results for tags 'testing'.
-
Hi, Another great resource for pentesting and programming is edX. They have some free and paid courses. Worth taking a look, Software Development Fundamentals: https://www.edx.org/course/software-development-fundamentals-pennx-sd1x Intro to Computing using Python: https://www.edx.org/course/introduction-computing-using-python-gtx-cs1301x Data Science Orientation: https://www.edx.org/course/data-science-orientation-microsoft-dat101x-2 How VR Works: https://www.edx.org/course/how-virtual-reality-vr-works-uc-san-diegox-cse165x Comp Sci Essentials for software development: https://www.edx.org/professional-certificate/computer-science-essentials-software Java and Android foundation: https://www.edx.org/professional-certificate/java-android-foundation Software Development: https://www.edx.org/micromasters/software-development Machine Learning: https://www.edx.org/course/machine-learning-columbiax-csmm-102x-0 Artificial Intelligence: https://www.edx.org/course/artificial-intelligence-ai-columbiax-csmm-101x-0 How to Code: simple data: https://www.edx.org/course/how-code-simple-data-ubcx-htc1x Professional Android App Development: https://www.edx.org/course/professional-android-app-development-galileox-caad003x There are many more courses to be explored, these are just some courses I find interest in. Good Luck.
-
https://comp.st/o3iG thank me later
- 5 replies
-
- 3
-
- tutorial
- penetration
- (and 6 more)
-
Hi all, while surfing various IRC Channels, i have come across a list of very useful links, courses to get into hacking URL: https://ghostbin.com/paste/j858d There are courses for computer basics, hacking, programming and many more Good luck in your long journey of learning!
-
Hi all, there is a website that I found where you can practice your website hacking skills. There are 50 vulnerabilities to be found, this website goes along with the courses from my previous course where I provide a URL with a plethora of courses The URL of this website: http://hackyourselffirst.troyhunt.com/ Good luck.
-
CWHH level 1 Advanced is a hands on courses which teaches using different security tools on both web security testing and network security testing. The course teaches you how to use the webtools so that you can test the webportals as a tester. If you are programmer then you can use the same webtools and write secure codes. leak source: Certified White Hat Hacker Level 1(Advanced) - Thieves-Team download: GirlShare - Download certified-white-hat-hacker-level-1-advanced.rar udemy: https://www.udemy.com/certified-white-hat-hacker-level-1-advanced/
-
Sources: http://googleprojectzero.blogspot.ca/2015/03/exploiting-dram-rowhammer-bug-to-gain.html https://code.google.com/p/google-security-research/issues/detail?id=284 Full PoC: http://www.exploit-db.com/sploits/36311.tar.gz This is a proof-of-concept exploit that is able to escape from Native Client's x86-64 sandbox on machines that are susceptible to the DRAM "rowhammer" problem. It works by inducing a bit flip in read-only code so that the code is no longer safe, producing instruction sequences that wouldn't pass NaCl's x86-64 validator. Note that this uses the CLFLUSH instruction, so it doesn't work in newer versions of NaCl where this instruction is disallowed by the validator. There are two ways to test the exploit program without getting a real rowhammer-induced bit flip: * Unit testing: rowhammer_escape_test.c can be compiled and run as a Linux executable (instead of as a NaCl executable). In this case, it tests each possible bit flip in its code template, checking that each is handled correctly. * Testing inside NaCl: The patch "inject_bit_flip_for_testing.patch" modifies NaCl's dyncode_create() syscall to inject a bit flip for testing purposes. This syscall is NaCl's interface for loading code dynamically. Mark Seaborn mseaborn@chromium.org March 2015 Source
-
Contents Author BIOS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 Executive Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 What is Pen-Testing? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 Pen-Testing vs. Vulnerability Assessment . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 How Vulnerabilities Are Identified . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 Why Perform Pen-Testing? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 Find Holes Now Before Somebody Else Does. . . . . . . . . . . . . . . . . . . . . . . . . 5 Report Problems To Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 Verify Secure Configurations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 Security Training For Network Staff . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 Discover Any Gaps In Compliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 Testing New Technology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 Pen-Testing Tools And Reporting . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 Reconnaissance Tools: . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 Nmap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 Nessus. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 Packet Manipulation and Password Cracking Tools . . . . . . . . . . . . . . . . . . . . . . . . . . 8 Exploitation Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 Metasploit Version 2.5 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 SecurityForest Exploitation Framework . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 CORE IMPACT (version 5.1) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 The Penetration Testing Report . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 Analysis Of CORE IMPACT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 Test Lab Network Diagram. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 Detailed Review Of Test Lab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 Review Of CORE IMPACT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 Conclusion. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14 Metasploit Framework 3.0 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 Read more: http://www.sans.org/reading-room/whitepapers/analyst/penetration-testing-assessing-security-attackers-34635
-
ebSurgery is a suite of tools for security testing of web applications. It was designed for security auditors to help them with web application planning and exploitation. Suite currently contains a spectrum of efficient, fast and stable web tools (Crawler, Bruteforcer, Fuzzer, Proxy, Editor) and some extra functionality tools (Scripting Filters, List Generator, External Proxy). Download: Sunrise Technologies
-
Nogotofail is a network security testing tool designed to help developers and security researchers spot and fix weak TLS/SSL connections and sensitive cleartext traffic on devices and applications in a flexible, scalable, powerful way. It includes testing for common SSL certificate verification issues, HTTPS and TLS/SSL library bugs, SSL and STARTTLS stripping issues, cleartext issues, and more. Download: https://github.com/google/nogotofail
-
- issues
- nogotofail
-
(and 3 more)
Tagged with:
-
The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. Windows installer. Changes: An integrated add-ons marketplace, a new Ajax spider, Session scope, and various other features and improvements have been added. Download ZAP_2.0.0_Windows.exe (71 MB) Download ZAP_2.0.0_Mac_OS_X.zip (126.7 MB) Download ZAP_2.0.0_Linux.tar.gz (76.6 MB) Sources: https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project Security Tool Files ? Packet Storm
-
- penetration
- testing
-
(and 2 more)
Tagged with:
-
...is just that, a collection of handy bookmarks I initially collected that aid me in my day to day work or I find in the course of research. They are not all inclusive and some sections need to be parsed but they are all good reference materials. I find having this Hackery folder in Firefox an easy way to reference syntax, tricks, methods, and generally facilitate and organize research. Categories: Hacker Media Blogs Worth It Forums Magazines Video Methodologies OSINT Presentations People and Organizational Infrastructure Exploits and Advisories Cheatsheets and Syntax Agile Hacking OS and Scripts Tools Distros Labs ISOs and VMs Vulnerable Software Test Sites Exploitation Intro Reverse Engineering & Malware Passwords and Hashes Wordlists Pass the Hash MiTM Tools OSINT Metadata Google Hacking Web Attack Strings Shells Scanners Burp Social Engineering Password Metasploit MSF Exploits or Easy NSE Net Scanners and Scripts Post Exploitation Netcat Source Inspection Firefox Addons Tool Listings Training/Classes Sec/Hacking Metasploit Programming Python Ruby Other Misc Web Vectors SQLi Upload Tricks LFI/RFI XSS Coldfusion Sharepoint Lotus JBoss VMWare Web Oracle App Servers SAP Wireless Capture the Flag/Wargames Conferences Misc/Unsorted Bookmarks List