Axiom: A Distributed Hacking Framework for Pentesters and Red Teamers
With the arrival of the concept known as dynamic cloud a few years ago, leaders in the computing and security industries immediately seized the opportunity. Not only did this new paradigm offer flexibility and scalability, its dynamic nature also entailed a more diverse portfolio of applications and similar consumables, readily available and masterfully presented as a single, coherent platform. To security practitioners, and to penetration testers in specific, this newfound agility forever transformed the traditional in-house penetration-testing ecosystem into an entirely dynamic framework.
JARM: A Solid Fingerprinting Tool for Detecting Malicious Servers
The literature on defensive security unanimously recognizes one fact: every so often, a tool comes out that provides blue teamers with an important advantage over their adversaries. This ever-elusive quest features essential requirements and commonalities, such as the ability to proactively seek and detect malicious hosts, or the capacity to swiftly respond to targeted network threats. And with a sharp rise in the number of incidents involving some form of malware or command and control (C2) activity resulting in data theft, vendors are in a tight race to gain their customers’ trust—by leveraging newer alternatives to legacy solutions amidst shrinking budgets.
DNSRecon: a powerful DNS reconnaissance tool
When it comes to the efficacy and proper functioning of any modern distributed network such as the Internet, few technologies seldom rise to the level of pivotal as DNS does.
Nikto: A Practical Website Vulnerability Scanner
The most critical part of any website is its web server. The web server is responsible for accepting requests from your visitors, understanding them, and giving your website visitors answers to their requests.
OpenVAS/GVM: An Open Source Vulnerability Scanning and Management System
Vulnerability scanning is one of the foundations of standard enterprise security. An enterprise with a good security posture will have: a firewall, some type of asset-mapping, a vulnerability scanner and possibly even a security team that does some type of pentesting. Keep in mind that the list above is not exhaustive, but the rudimentary outline of an enterprise with a few good security measures in place.
Shodan: Diving into the Google of IoT Devices
In this day and age, IoT devices are just about anywhere and everywhere. It’s not uncommon to find a smart TV, a WiFi router or even a webcam in the garage—not to mention all the other internet-connected devices we use every day.
Why It’s Important to Play in the Safe Zone and Use a Sandbox
Imagine an operating system without much security. Installing any new program would be risky business—it could replace your system files, discover passwords, even delete everything. Sounds like a nightmare? Well, that’s what a sandbox can prevent.
Attack Surface Mapper - A Tool for Boosting Your Reconnaissance Process
Are you aware of your infrastructure’s weakest spots? Attackers surely are. Target reconnaissance is one of their first steps toward getting full insight into an objective, one that will eventually develop into a complete attack strategy to compromise assets.
Subdomain-Enum: Enumerating Subdomains with the SecurityTrails API™
One of the core products at SecurityTrails is our API. And to ensure that its usage is simple and user-friendly, we strive to follow industry best practices and standardization that the user base will be familiar with.
#ProTips: Understanding a Leaky Internet with Gregory Boddin
Over the past few years, data breaches involving millions of leaked records have become the norm. A common offender we’re seeing more of is the presence of poorly secured and misconfigured databases connected to the Internet.