Posts
Penetration Testing Steps
PLANNING

The pen tester gathers as much information as possible about a target system or network, its potential vulnerabilities and exploits to use against it. This involves conducting passive or active reconnaissance (footprinting) and vulnerability research.
SCANNING

The pen tester carries out active reconnaissance to probe a target system or network and identify potential weaknesses which, if exploited, could give an attacker access. Active reconnaissance may include:
Firewalls
NETWORK LAYER FIREWALL

This filters communications based on source and destination IP addresses.
TRANSPORT LAYER FIREWALL

Filters communications based on source and destination data ports, as well as connection states.
APPLICATION LAYER FIREWALL

Filters communications based on an application, program or service.
CONTEXT AWARE LAYER FIREWALL

Filters communications based on the user, device, role, application type and threat profile.
PROXY SERVER

Filters web content requests like URLs, domain names and media types.
Categorizing Software Vulnerabilities
BUFFER OVERFLOW

Buffers are memory areas allocated to an application. A vulnerability occurs when data is written beyond the limits of a buffer. By changing data beyond the boundaries of a buffer, the application can access memory allocated to other processes. This can lead to a system crash or data compromise, or provide escalation of privileges.
NON-VALIDATED INPUT

Programs often require data input, but this incoming data could have malicious content, designed to force the program to behave in an unintended way.
Password Attacks
PASSWORD SPRAY

This technique attempts to gain access to a system by ‘spraying’ a few commonly used passwords across a large number of accounts. For example, a cybercriminal uses ‘Password123’ with many usernames before trying again with a second commonly-used password, such as ‘qwerty.’
This technique allows the perpetrator to remain undetected as they avoid frequent account lockouts.
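A defender's view of the pattern described above, as an added example that is not part of the original post: it flags any source whose failed logins touch many accounts while each account stays under the lockout limit. The event tuple layout, the thresholds and the sample events are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta


def detect_spray(events, window=timedelta(minutes=30), min_users=5, max_per_user=2):
    """Flag sources whose failed logins touch many accounts but few times each.

    events: iterable of (timestamp, source_ip, username, success).
    Thresholds are assumed values; tune them to the real lockout policy.
    """
    failures = defaultdict(list)
    for ts, src, user, ok in events:
        if not ok:
            failures[src].append((ts, user))

    flagged = {}
    for src, rows in failures.items():
        rows.sort()
        start = 0
        for end in range(len(rows)):
            # Slide the window so it only covers failures within `window`.
            while rows[end][0] - rows[start][0] > window:
                start += 1
            per_user = Counter(user for _, user in rows[start:end + 1])
            # Spray signature: wide (many accounts) and shallow (under lockout).
            if len(per_user) >= min_users and max(per_user.values()) <= max_per_user:
                flagged[src] = sorted(per_user)
                break
    return flagged


def at_minute(minute):
    return datetime(2024, 1, 1, 9, 0) + timedelta(minutes=minute)


# Constructed sample events (documentation IP ranges, made-up usernames).
SAMPLE_EVENTS = (
    # One guess per account across six accounts: spray pattern.
    [(at_minute(i), "203.0.113.7", f"user{i}", False) for i in range(6)]
    # Eight guesses against one account: brute force, caught by lockout instead.
    + [(at_minute(i), "198.51.100.4", "alice", False) for i in range(8)]
    # A user mistyping twice, then logging in.
    + [(at_minute(1), "192.0.2.10", "bob", False), (at_minute(2), "192.0.2.10", "bob", False),
       (at_minute(3), "192.0.2.10", "bob", True)]
)

if __name__ == "__main__":
    print(detect_spray(SAMPLE_EVENTS))
```

Per-account lockout counters never see this pattern, which is why the check groups by source and counts distinct accounts; a longer window widens coverage at the cost of more false positives from shared addresses.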
DICTIONARY ATTACKS

A hacker systematically tries every word in a dictionary or a list of commonly used words as a password in an attempt to break into a password-protected account.
SPYWARE
Designed to track and spy on you, spyware monitors your online activity and can log every key you press on your keyboard, as well as capture almost any of your data, including sensitive personal information such as your online banking details. Spyware does this by modifying the security settings on your devices.
It often bundles itself with legitimate software or Trojan horses.
ADWARE
Adware is often installed with some versions of software and is designed to automatically deliver advertisements to a user, most often on a web browser. You know it when you see it! It’s hard to ignore when you’re faced with constant pop-up ads on your screen.
DNS Protocol & Attacks
Introduction
What is DNS?
DNS stands for Domain Name System
DNS (Domain Name System):
- Translates human-friendly domain names (e.g., www.amazon.com, www.netflix.com) into numeric IP addresses that computers use to identify each other on the Internet.
The Human vs. Computer Paradigm:
- Humans can easily remember domain names, while computers rely on numeric IP addresses (e.g., IPv4 like 51.23.8.9 or IPv6 like 2400:CB00:2048:1::C629:D782).
DNS as the Internet’s Phonebook:
Hello and here we are to go!
nice trip :) !