This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Taken from: https://hackerlists.com/hacking-sites/ | |
22 Hacking Sites, CTFs and Wargames To Practice Your Hacking Skills | |
InfoSec skills are in such high demand right now. As the world continues to turn everything into an app and connect even the most basic devices to the internet, the demand is only going to grow, so it’s no surprise everyone wants to learn hacking these days. | |
However, almost every day I come across a forum post where someone is asking where they should begin to learn hacking or how to practice hacking. I’ve compiled this list of some of the best hacking sites to hopefully be a valuable resource for those wondering how they can build and practice their hacking skill set. I hope you find this list helpful, and if you know of any other quality hacking sites, please let me know in the comments, so I can add them to the list. | |
1. CTF365 https://ctf365.com/ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Books to look for: | |
http://www.barnesandnoble.com/w/a-bug-hunters-diary-tobias-klein/1110853653?ean=9781593273859 | |
http://www.barnesandnoble.com/w/malware-forensics-cameron-h-malin/1111450972?ean=9781597492683 | |
http://www.barnesandnoble.com/w/hacking-web-apps-mike-shema/1110781208?ean=9781597499514 | |
http://www.barnesandnoble.com/w/professional-penetration-testing-thomas-wilhelm/1117354019?ean=9781597499934 | |
http://www.barnesandnoble.com/w/the-hackers-guide-to-os-x-robert-bathurst/1111893150?ean=9781597499507 | |
http://www.barnesandnoble.com/w/carry-on-bruce-schneier/1115806332?ean=9781118790816 | |
http://www.barnesandnoble.com/w/phishing-dark-waters-christopher-hadnagy/1120616529?ean=9781118958476 | |
http://www.barnesandnoble.com/w/network-security-through-data-analysis-michael-collins/1117219990?ean=9781449357900 | |
http://www.barnesandnoble.com/w/practical-reverse-engineering-bruce-dang/1118229651?ean=9781118787311 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
From: http://www.dynamicciso.com/blog-details/aab3238922bcc25a6f606eb525ffdc56.html | |
Step by Step Guide to Application Security Penetration Testing | |
Posted By - DynamicCISO, Posted on - Friday, May 2nd, 2014 12:44:00 PM | |
This Article is reposted with prior permission from the Infosec Institute. To read more, you can visit the site HERE. | |
Introduction | |
This document will guide you to penetrate web applications step by step. We have followed OWASP (Open Web Application Security Project) and OSSTM (Open Source Security Testing Methodologies) to construct this article. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Penetration tests need to accomplish business goals, not just check for random holes. Here's how to get the most value for your efforts. | |
Why are you performing penetration tests? Whether you're using an internal team, outside experts or a combination of the two, are you simply satisfying regulatory or audit requirements, or do you actually expect to improve enterprise security? | |
We asked penetration testing experts for guidance on how to improve your program to get the most benefit for your time, money and effort. If you turn to outside expertise, their advice will show you what to expect and demand from consultants. The following 10 tips will show you understand the goal and focus of your testing; develop effective testing strategies; make effective use of your personnel; and make the most effective use of pen test results to remediate issues, improve processes and continuously improve enterprise security posture. | |
Penetration Test Tip 1: Define Your Goals | |
Penetration testing—really, all information securi |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
How to take your pen test engagement to the next level | |
Much has been written about various tools and technical methods for running network penetration tests or pen tests. However running an effective and successful pen test requires some amount of technical management effort and planning to ensure that the test is successfully architected and executed. Below are 10 useful steps to consider and implement for your next network penetration test that will wow your team! | |
1. Comprehensive network assessment | |
A typical pen test at the simplest level does a penetration test of the company’s network and systems from the outside (external to the network) and optionally a test from the inside (internal to the network). Many companies choose to stick with the external assessment only. | |
A good comprehensive pen test approach is to have an external test together with an internal test and explore what internal vulnerabilities can be exploited. This external-to-internal pivot approach provides good visibility into the eff |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Penetration testing sample test cases (test scenarios): | |
Remember this is not functional testing. In Pentest your goal is to find security holes in the system. Below are some generic test cases and not necessarily applicable for all applications. | |
1) Check if web application is able to identify spam attacks on contact forms used in the website. | |
2) Proxy server – Check if network traffic is monitored by proxy appliances. Proxy server make it difficult for hackers to get internal details of the network thus protecting the system from external attacks. | |
3) Spam email filters – Verify if incoming and outgoing email traffic is filtered and unsolicited emails are blocked. Many email clients come with in-build spam filters which needs to be configured as per your needs. These configuration rules can be applied on email headers, subject or body. | |
4) Firewall – Make sure entire network or computers are protected with Firewall. Firewall can be a software or hardware to block unauthorized access to system. Firewall can p |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Penetration testing sample test cases (test scenarios): | |
Remember this is not functional testing. In Pentest your goal is to find security holes in the system. Below are some generic test cases and not necessarily applicable for all applications. | |
1) Check if web application is able to identify spam attacks on contact forms used in the website. | |
2) Proxy server – Check if network traffic is monitored by proxy appliances. Proxy server make it difficult for hackers to get internal details of the network thus protecting the system from external attacks. | |
3) Spam email filters – Verify if incoming and outgoing email traffic is filtered and unsolicited emails are blocked. Many email clients come with in-build spam filters which needs to be configured as per your needs. These configuration rules can be applied on email headers, subject or body. | |
4) Firewall – Make sure entire network or computers are protected with Firewall. Firewall can be a software or hardware to block unauthorized access to system. Firewall can p |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
5 tips to brand yourself during a job interview | |
Even if you have a good resume and good recommendation from industry reputed personalities, it is tough to find job these days. And if that’s not enough, you need to go through the dreadful interviews. | |
It is very important to sell yourself well, once you are seated in front of the interviewer. As a job applicant, you need to sell yourself as a brand to a potential employer, the same way a salesman would do to push you to buy that particular smartphone. Remember they are investing their trust and as a job applicant, you need to win over that trust for them to employ you for the job. | |
To crack an interview successfully, you need to know these 5 tips: | |
Know your task |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
GIAC Web Application Penetration Tester (GWAPT): | |
Renewed: Every 4 years. | |
The topic areas for each exam part follow: | |
Cross Site Request Forgery, Cross Site Scripting and Client Injection Attack | |
The candidate will demonstrate an understanding of Cross Site Request Forgery, Cross Site Scripting and Client Injection attacks and the tools and techniques used to discover and exploit vulnerabilities. | |
Reconnaissance and Mapping | |
The candidate will demonstrate an understanding of the techniques used to conduct discovery, exploration and investigation of a web site and web application features such as port scanning, identifying services and configurations, spidering, application flow charting and session analysis. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
“Ten Immutable Laws Of Security”: | |
Law #1: If a bad guy can persuade you to run his program on your computer, it’s not solely your computer anymore. | |
Law #2: If a bad guy can alter the operating system on your computer, it’s not your computer anymore. | |
Law #3: If a bad guy has unrestricted physical access to your computer, it’s not your computer anymore. | |
Law #4: If you allow a bad guy to run active content in your website, it’s not your website any more. | |
Law #5: Weak passwords trump strong security. | |
Law #6: A computer is only as secure as the administrator is trustworthy. | |
Law #7: Encrypted data is only as secure as its decryption key. | |
Law #8: An out-of-date antimalware scanner is only marginally better than no scanner at all. |