Directory and file enumeration is one of the first steps that an attacker performs during web application pentesting.
This step is necessary to identify potential hidden areas of a website that aren’t supposed to be accessible to public users. And sometimes, if the attacker is lucky, this step can provide the information needed to make the exploitation of the website possible.
DIRB and Dirbuster are well-known examples of tools that can help in this web enumeration process. However, for this article, we will not be talking about either of these two, but instead, we will be covering Gobuster.
SQL injection (or SQLi) is often referenced as the most common type of attack on websites. It is being used extensively by hackers and pen-testers on web applications. The OWASP Top Ten lists SQL Injection, along with other types of injections, as the first security risk facing web applications.
Despite being around for more than 20 years, SQL injection is still effective on many websites and web applications that do not implement secure coding practices.
This article is aimed at complete beginners who do not have any knowledge about SQL injection. …
In this story, we will try to learn what malware is and how malware analysis works. This is aimed at complete beginners who have never tried malware analysis before. If that’s you, then this article can help you in making your first step in this field.
Malware is any program that does damage to a host without the consent of the user.
Although we tend to use the words virus and malware interchangeably, they are not the same thing. Malware is a broad term that includes, in addition to Viruses, other types of malicious programs like Worms and Trojans.
Nmap is an open-source network mapping tool developed by Gordon Lyon. It is widely used as a port scanner and a host discovery tool by network administrators and hackers worldwide.
The reason for its popularity is that it allows users to perform powerful scans using a combination of a small set of options. Using only these options, you can run effective and powerful scans by running specifically crafted commands.
But even if you are not familiar with Nmap, you can still use it by executing simple commands. These will allow you to get a few good scan results. …
If you’ve spent enough time on the web searching for practical resources to learn how to hack, then you should know by now what a hassle it is to find the right place to practice for a beginner in the field.
Although there are plenty of resources out there, they are either geared towards experienced hackers (HackTheBox), are only focused on one sub-field (DVWA and WebGoat), or are not free (Pentester Labs).
It is not very often that you come across a website that doesn’t fall within any of these three categories and still makes learning hacking so much fun.
Whenever you want to look for something on the Internet, you use Google. The giant search engine indexes almost everything on the web. It has made billions of web pages accessible for people to find. And so, by using it, you would have a greater chance of finding whatever you are searching for.
However, within the large sea of indexed web content and public data, pieces of sensitive information can sometimes find themselves landing on search results. And frequently, this happens without their owners realizing it.
A malicious hacker, by performing a technique called Google Dorking (or Google Hacking), can…
You had just gotten a job at a respectable firm. A client came up to you and asked you to design a computer network for their company. They provided you with a document containing all the necessary inputs that you would need to start working on this project. And now, the deadline is approaching, and you still don’t have a clue what to do.
Don’t panic. In this post, I will be walking you through this project. I provide you with a step-by-step guide on how to design your first computer network.
I invite you to follow along with me…
Any person who is seriously considering becoming an ethical hacker should be aware of the challenges they might face. If you think that you will get to the expert level in a few weeks or months, then I’m sorry to bring you the bad news: It won’t be easy. In fact, it will take you years to reach a level that will allow you to seriously challenge real-world systems and finally monetize your hacking skills (legally, of course).
Therefore, if you are not ready to put in the time and effort, then this might not be the right place…