Tagged articles

121 articles

Page 1 of 2

May 12, 2026 · Information Security

From an External Weak Password to Full Internal Access: A School Network Penetration Walkthrough

The article details a step‑by‑step penetration test of an educational network, starting with a weak external credential on a virtual teaching lab, harvesting teacher IDs, exploiting default webvpn and SSLVPN logins, and ultimately reaching an internal WebLogic server, highlighting the danger of weak passwords in schools.

SSLVPNWebLogiceducation network

0 likes · 3 min read

From an External Weak Password to Full Internal Access: A School Network Penetration Walkthrough

Black & White Path

May 9, 2026 · Information Security

AutoPentestX: An Automated Linux Penetration Testing Toolkit for Faster Red‑Team Assessments

AutoPentestX is an open‑source, Linux‑focused automated penetration testing framework that integrates tools like Nmap, Nikto, SQLMap and Metasploit into a single command workflow, stores results in SQLite, generates detailed PDF reports, and includes installation, usage instructions, legal compliance notes, and future development plans.

AutomationLinuxMetasploit

0 likes · 7 min read

AutoPentestX: An Automated Linux Penetration Testing Toolkit for Faster Red‑Team Assessments

Black & White Path

May 8, 2026 · Information Security

CeWL 5.0 Adds Proxy and Authentication Support for Custom Wordlist Generation

CeWL 5.0, the Ruby‑based custom wordlist generator, now supports proxy configuration and HTTP Basic/Digest authentication, enabling penetration testers to crawl credential‑protected internal sites and extract targeted vocabulary for password‑cracking tools such as John the Ripper.

CeWLHTTP authenticationRuby

0 likes · 4 min read

CeWL 5.0 Adds Proxy and Authentication Support for Custom Wordlist Generation

Black & White Path

May 5, 2026 · Information Security

HackingTool: One Terminal Access to 185+ Penetration Testing Tools (50K+ Stars)

HackingTool is an open‑source all‑in‑one penetration‑testing toolbox that bundles over 185 security tools into a single interactive terminal menu, offering quick one‑command installation, Docker support, and categorized modules that streamline red‑team workflows.

DockerInformation GatheringRed Team

0 likes · 8 min read

HackingTool: One Terminal Access to 185+ Penetration Testing Tools (50K+ Stars)

Black & White Path

May 3, 2026 · Information Security

Pentest‑AI: One‑Command, Fully Automated Penetration Testing in 4 Minutes

Pentest‑AI is an MIT‑licensed, locally‑run framework that automates reconnaissance, authentication, vulnerability chaining, PoC validation, and report generation for web, AD, cloud, and more, delivering a client‑ready Markdown/HTML/PDF/SARIF report in about four minutes with a single command.

AI securityAutomationCI/CD integration

0 likes · 10 min read

Pentest‑AI: One‑Command, Fully Automated Penetration Testing in 4 Minutes

Black & White Path

May 2, 2026 · Information Security

Phalanx: An Open‑Source Autonomous Pentesting Assistant for Kali Linux

Phalanx is an open‑source, polyglot‑based automation framework for Kali Linux that coordinates Python, Bash and other scripts, provides a planner, engine and reporting modules, integrates with tools like Nmap and Metasploit, and generates traceable logs for efficient and flexible penetration testing.

AutomationKali Linuxopen source

0 likes · 4 min read

Phalanx: An Open‑Source Autonomous Pentesting Assistant for Kali Linux

Black & White Path

Apr 27, 2026 · Information Security

How I Exploited Multiple Vulnerabilities in a University System

This article details a step‑by‑step penetration test on a university’s web platform, covering XSS file uploads, JWT tampering for arbitrary login, massive personal data leakage, SQL injection payloads, and the exposure of several AK/SK secrets, all with concrete screenshots and commands.

JWTSQL injectionXSS

0 likes · 5 min read

How I Exploited Multiple Vulnerabilities in a University System

Black & White Path

Apr 21, 2026 · Information Security

Automated Android Penetration Test Command Generator: Parse AndroidManifest to Create Drozer Payloads

DrozerForge is a Python tool that parses an app's AndroidManifest.xml, automatically discovers security‑relevant components such as risky global settings, exported activities, deep‑link URLs, services/receivers, and content providers, and then prints ready‑to‑run Drozer commands for each finding.

AndroidAndroidManifestDrozer

0 likes · 11 min read

Automated Android Penetration Test Command Generator: Parse AndroidManifest to Create Drozer Payloads

Black & White Path

Apr 21, 2026 · Information Security

A Full-Scale Penetration Test Walkthrough: From MSSQL Weak Passwords to Nacos N‑Day Exploits

This article documents a complete penetration test on a newly deployed environment, detailing how weak credentials, unauthenticated services, and misconfigurations in MSSQL, Nacos, Oracle, Telnet, OA, NC, Redis, Spring, and frontend assets were systematically discovered and exploited, with step‑by‑step screenshots illustrating each compromise.

MSSQLNacosOracle

0 likes · 6 min read

A Full-Scale Penetration Test Walkthrough: From MSSQL Weak Passwords to Nacos N‑Day Exploits

Black & White Path

Apr 16, 2026 · Information Security

Bypassing Alibaba Cloud WAF on a Financial Site via MySQL Chain Comparison

During an authorized penetration test of a financial institution’s website protected by Alibaba Cloud WAF, the author discovered a SQL injection point, used MySQL’s chain‑comparison feature to close the injection, identified the database type, and crafted boolean‑based payloads—including POSITION and binary tricks—to extract the current user name character by character.

Alibaba Cloud WAFBoolean blind injectionPOSITION function

0 likes · 7 min read

Bypassing Alibaba Cloud WAF on a Financial Site via MySQL Chain Comparison

Black & White Path

Apr 11, 2026 · Information Security

Why Network Security Professionals Must Reject AI‑Driven Automation

It warns that over‑reliance on AI‑based automatic penetration tools erodes manual reverse‑engineering skills, jeopardizes national cyber defense, and endangers colleagues, urging security experts to retain hands‑on expertise and avoid becoming dependent on AI.

AI ethicsCyber Defenseinformation security

0 likes · 3 min read

Why Network Security Professionals Must Reject AI‑Driven Automation

Linux Tech Enthusiast

Apr 8, 2026 · Information Security

Stop Searching—All Essential Linux Commands for Security in One Guide

This article compiles the most frequently used Linux commands for security professionals, covering file handling, text processing, permission control, system monitoring, compression, file searching, other common utilities, and command combinations, each illustrated with clear screenshots for quick reference.

Cheat SheetLinuxSecurity

0 likes · 2 min read

Stop Searching—All Essential Linux Commands for Security in One Guide

Go Development Architecture Practice

Apr 7, 2026 · Information Security

What’s New in Kali Linux 2026.1? A Deep Dive into Security Tools and Mobile Pentesting

Kali Linux 2026.1 arrives with a Linux 6.18 kernel, a refreshed visual theme, a nostalgic BackTrack mode, eight new security tools, significant NetHunter mobile‑pentesting enhancements, and important cautions for SDR users, while offering multiple download options for various platforms.

Kali LinuxLinux kernelNetHunter

0 likes · 6 min read

What’s New in Kali Linux 2026.1? A Deep Dive into Security Tools and Mobile Pentesting

Black & White Path

Apr 4, 2026 · Information Security

Penetrating a Mobile App: Unpacking, Root Bypass, Component Export & Data Leak Exploits

This article walks through a real‑world mobile app penetration, covering how to detect and strip protection, unpack the APK, bypass root checks, exploit exported components, extract unencrypted backups and credentials, and harvest leaked OSS tokens, all illustrated with concrete commands and screenshots.

APK unpackingOSS credential leakcomponent export

0 likes · 7 min read

Penetrating a Mobile App: Unpacking, Root Bypass, Component Export & Data Leak Exploits

Black & White Path

Mar 28, 2026 · Information Security

Network Security Red Book: 700+ Tools from Recon to Internal Penetration

This article compiles over 700 high‑quality open‑source security projects from GitHub, categorised by functional scenarios such as automated reconnaissance, information gathering, vulnerability exploitation, internal network penetration, evasion, and incident response, providing a comprehensive practical toolkit for red‑team, blue‑team and security researchers.

network securityopen sourcepenetration testing

0 likes · 18 min read

Network Security Red Book: 700+ Tools from Recon to Internal Penetration

Black & White Path

Mar 28, 2026 · Information Security

Shannon AI Penetration Tester Delivers 96% Exploit Success Rate

Shannon is an AI‑driven penetration testing agent that automatically discovers, exploits, and reports vulnerabilities with zero false positives, achieving a 96.15% exploit success rate across OWASP Juice Shop and other benchmarks, while offering fully autonomous operation, code‑aware attacks, and parallel processing.

AIAutomationinformation security

0 likes · 6 min read

Shannon AI Penetration Tester Delivers 96% Exploit Success Rate

Black & White Path

Mar 26, 2026 · Information Security

ProjectDiscovery Unveils Neo: AI‑Driven Autonomous Penetration Testing Platform at RSAC 2026

At RSAC 2026, ProjectDiscovery launched Neo, an AI‑powered, end‑to‑end autonomous penetration testing platform that integrates 30+ security agents, delivers verifiable exploits, and outperformed traditional scanners by finding 66 vulnerabilities—including 24 unseen by any other tool—in three AI‑generated full‑stack applications.

AI securityBenchmarkNeo platform

0 likes · 6 min read

ProjectDiscovery Unveils Neo: AI‑Driven Autonomous Penetration Testing Platform at RSAC 2026

Black & White Path

Mar 25, 2026 · Information Security

How an AI Agent Automates Penetration Testing: A Hands‑On Walkthrough

This article details a step‑by‑step penetration test where an AI Agent on Kali Linux, invoked via the OpenClaw framework, automatically performs environment checks, deep scanning, vulnerability discovery, bulk fingerprint searching, and report generation, highlighting both its efficiencies and remaining manual decision points.

AIAutomationOpenClaw

0 likes · 6 min read

How an AI Agent Automates Penetration Testing: A Hands‑On Walkthrough

Black & White Path

Mar 7, 2026 · Information Security

How I Uncovered Multiple Vulnerabilities in My Alma Mater’s Campus App

The article details an authorized penetration test of a university campus app, revealing sensitive data leakage, horizontal and vertical privilege escalation, face‑photo tampering, and a stored XSS flaw, each demonstrated step‑by‑step with packet captures and screenshots.

information leakagemobile app securitypenetration testing

0 likes · 6 min read

How I Uncovered Multiple Vulnerabilities in My Alma Mater’s Campus App

AI Explorer

Mar 5, 2026 · Information Security

Shannon Lite: Fully Automated AI-Powered White-Box Penetration Testing for Modern CI/CD

Shannon Lite, an open-source AI-driven white-box penetration testing tool from Keygraph, automatically analyzes source code and performs real-world attacks on web applications and APIs, delivering exploitable vulnerability reports with a 96.15% success rate, and integrates seamlessly into CI/CD pipelines for rapid security testing.

AI securityShannon Liteci/cd

0 likes · 7 min read

Shannon Lite: Fully Automated AI-Powered White-Box Penetration Testing for Modern CI/CD

AI Explorer

Mar 4, 2026 · Information Security

Shannon AI Hacker Achieves 96% Success in Automated Web Vulnerability Detection

Shannon, an autonomous AI-driven penetration testing agent, bridges the speed‑security gap created by rapid AI‑assisted coding by automatically analyzing source code, mapping attack paths, and executing real exploits, achieving a 96.15% success rate on the XBOW benchmark and uncovering over 20 critical flaws in the OWASP Juice Shop demo.

AIAutomationWeb Security

0 likes · 7 min read

Shannon AI Hacker Achieves 96% Success in Automated Web Vulnerability Detection

Black & White Path

Feb 28, 2026 · Information Security

A Complete Guide to Mobile App Penetration Testing

This article presents a thorough mobile app penetration‑testing guide covering objectives, scope, testing methods, step‑by‑step workflow, recommended tools, reporting structure, and remediation advice to help developers and security professionals secure their applications.

Dynamic analysisfuzz testingmobile app

0 likes · 11 min read

A Complete Guide to Mobile App Penetration Testing

Black & White Path

Feb 26, 2026 · Information Security

How to Bypass Internal Firewalls and Achieve Lateral Privilege Movement?

This article explains the core logic of internal firewalls, outlines compliant bypass techniques for boundary, segmentation, and host firewalls, and then details step‑by‑step lateral movement methods—including credential reuse, tunneling, and legitimate tool abuse—while emphasizing safe, authorized testing practices.

Lateral Movementcredential reusefirewall bypass

0 likes · 33 min read

How to Bypass Internal Firewalls and Achieve Lateral Privilege Movement?

Black & White Path

Feb 25, 2026 · Information Security

100 Essential Commands for Internal Network Penetration Testing

This guide compiles 100 high‑frequency native commands for Windows and Linux that cover internal network reconnaissance, host discovery, lateral movement, privilege escalation, domain enumeration, file searching, log cleaning and persistence, providing a practical reference for security professionals conducting penetration tests.

LinuxNetwork ReconnaissanceWindows

0 likes · 13 min read

100 Essential Commands for Internal Network Penetration Testing

Black & White Path

Feb 25, 2026 · Information Security

AI vs Human Hackers: Who Will Dominate Penetration Testing in 2026?

A joint study by Wiz and Irregular pits leading LLM agents against a senior pentester across ten real‑world vulnerability scenarios, revealing that AI can breach nine targets at under $10 per attack yet still lags in tool usage, creative reasoning, and prioritisation, offering crucial insights for security professionals.

AI securityhuman vs AIlarge language models

0 likes · 13 min read

AI vs Human Hackers: Who Will Dominate Penetration Testing in 2026?

Black & White Path

Feb 24, 2026 · Information Security

Common Privilege‑Escalation Vulnerabilities in Penetration Testing

This article systematically details the most frequently encountered privilege‑escalation flaws in penetration testing, covering Windows service misconfigurations, registry hijacking, kernel exploits, DLL hijacking, Linux SUID/SGID abuse, sudo misconfigurations, cron abuse, writable passwd files, and Docker escape techniques, along with step‑by‑step exploitation procedures and defensive recommendations.

CVELinuxSUID

0 likes · 29 min read

Common Privilege‑Escalation Vulnerabilities in Penetration Testing

Black & White Path

Feb 24, 2026 · Information Security

How a Training Platform’s Weak Credentials Exposed Medium‑Risk Vulnerabilities

The author walks through a penetration test of a corporate training platform, capturing plaintext login traffic, extracting captchas, enumerating user accounts, discovering shared passwords, and fuzzing a course‑id parameter that reveals absolute file paths, ultimately identifying only medium‑severity issues.

fuzzinginformation securitypath disclosure

0 likes · 3 min read

How a Training Platform’s Weak Credentials Exposed Medium‑Risk Vulnerabilities

Black & White Path

Feb 23, 2026 · Information Security

Stop Random Brute‑Force: The Complete Guide to Internal Network Credential Collection

This article provides a step‑by‑step technical guide for gathering internal network credentials—including Windows memory dumping with Mimikatz, Linux /etc shadow extraction, network service scanning with SharpScan, Kerberoasting attacks, password‑spraying tactics, and defensive recommendations—targeted at authorized penetration‑testing scenarios.

KerberoastingMimikatzSharpScan

0 likes · 24 min read

Stop Random Brute‑Force: The Complete Guide to Internal Network Credential Collection

Black & White Path

Feb 22, 2026 · Information Security

30 Practical Web Penetration Testing Techniques You Must Know

This guide walks through 30 hands‑on web penetration testing techniques covering the full workflow—from information gathering and vulnerability discovery to privilege escalation, internal network pivoting, and defense evasion—providing concrete commands, tool recommendations, and real‑world tips for security engineers and testers.

Information GatheringWeb Securitydefense evasion

0 likes · 26 min read

30 Practical Web Penetration Testing Techniques You Must Know

Black & White Path

Feb 18, 2026 · Information Security

How to Bypass Internal Firewalls and Achieve Lateral Privilege Movement

This article explains the core logic of internal firewalls, outlines practical techniques for bypassing boundary, segmentation, and host firewalls—including legitimate‑port tunneling, rule‑configuration flaws, jump‑host exploitation, and tunneling methods—and then details step‑by‑step credential‑reuse and tool‑abuse strategies for stealthy lateral movement within a compromised network.

Lateral Movementcredential reusefirewall bypass

0 likes · 35 min read

IT Services Circle

Feb 10, 2026 · Information Security

Can AI Secure Its Own Code? Inside Shannon, the Autonomous Penetration Tester

After adopting AI coding tools like Claude Code and Codex, developers see productivity soar, but faster code introduces more vulnerabilities; the open‑source project Shannon, now topping GitHub Trending, acts as an autonomous AI penetration tester that attacks your web app, proves exploits, and reports only successful attacks, helping secure AI‑generated code.

AIAutomationDocker

0 likes · 6 min read

Can AI Secure Its Own Code? Inside Shannon, the Autonomous Penetration Tester

Woodpecker Software Testing

Jan 15, 2026 · Information Security

Penetration Testing vs Internet Exposure Surface Scanning: Key Differences Explained

The article compares penetration testing and internet exposure surface detection, outlining their definitions, processes, tools, typical use cases, distinct goals and methodologies, and recommends combining both for a comprehensive security assessment.

exposure surface detectionnetwork securitypenetration testing

0 likes · 8 min read

Penetration Testing vs Internet Exposure Surface Scanning: Key Differences Explained

Woodpecker Software Testing

Dec 25, 2025 · Information Security

How BugTrace‑AI Leverages Generative AI to Supercharge Penetration Testing

BugTrace‑AI is an open‑source suite that combines generative AI with SAST, DAST, and specialized reconnaissance and payload tools to automate vulnerability hypothesis generation, streamline scanning, and provide actionable reports, all delivered through a lightweight React interface and Docker deployment.

AIDASTDocker

0 likes · 5 min read

How BugTrace‑AI Leverages Generative AI to Supercharge Penetration Testing

Liangxu Linux

Nov 23, 2025 · Information Security

Kali Linux 2025.3 Released: Nexmon Wi‑Fi Support, New Pentest Tools & Faster VM Images

Kali Linux 2025.3 arrives with restored Nexmon wireless injection, a revamped VM image build process, removal of ARMEL support, Xfce desktop tweaks, mobile and automotive security upgrades, plus ten brand‑new penetration‑testing tools and detailed upgrade instructions.

Kali LinuxLinuxNexmon

0 likes · 6 min read

Kali Linux 2025.3 Released: Nexmon Wi‑Fi Support, New Pentest Tools & Faster VM Images

Ops Community

Nov 3, 2025 · Information Security

Why Wireshark Is Essential for Network Security Professionals

Wireshark, the open‑source packet analyzer formerly known as Ethereal, captures live network traffic on Windows and UNIX systems and is widely used for network management, security analysis, troubleshooting, and especially penetration testing, offering capabilities such as data capture, unencrypted information detection, attack behavior analysis, vulnerability discovery, and real‑time monitoring.

Packet CaptureSecurityWireshark

0 likes · 2 min read

Why Wireshark Is Essential for Network Security Professionals

Ops Community

Oct 28, 2025 · Information Security

Master Vulnerability Scanning: Xray, X‑Scan, AppScan & Nessus Quick‑Start Guide

This article explains what vulnerability scanning is and provides concise, step‑by‑step instructions for using four popular security scanners—Xray, X‑Scan, IBM AppScan, and Nessus—including download links, command‑line examples, plugin selection, and result export, while omitting promotional content.

AppScanX-ScanXray

0 likes · 6 min read

Master Vulnerability Scanning: Xray, X‑Scan, AppScan & Nessus Quick‑Start Guide

Ray's Galactic Tech

Oct 26, 2025 · Information Security

How to Build a Full‑Featured Network Security Shell Script Library

This guide presents a comprehensive network security shell script library, outlining modular design principles, a categorized inventory of over 180 scripts for reconnaissance, vulnerability scanning, monitoring, incident response, credential management, automation, and utility tools, along with practical build strategies and usage tips for secure, portable deployments.

Shell Scriptsinformation securitynetwork security

0 likes · 12 min read

How to Build a Full‑Featured Network Security Shell Script Library

DevOps Operations Practice

Aug 5, 2025 · Information Security

Master Web Security Testing with ZAP: Core Features, Usage, and CI/CD Integration

ZAP (Zed Attack Proxy) is an OWASP open-source web application security testing tool that offers proxy interception, active and passive scanning, integrates with CI/CD pipelines, and supports manual and automated testing to detect vulnerabilities such as SQL injection, XSS, SSRF, and compliance issues.

Active ScanDevSecOpsPassive Scan

0 likes · 5 min read

Master Web Security Testing with ZAP: Core Features, Usage, and CI/CD Integration

MaGe Linux Operations

Jul 28, 2025 · Information Security

Master Docker Container Security: Real Attack Scenarios & Defense Strategies

Explore comprehensive Docker container security from an attacker’s perspective to expert defenses, featuring real-world escape incidents, threat matrices, five detailed penetration testing scenarios, enterprise-grade protection frameworks, monitoring scripts, and actionable best practices for securing images, runtimes, networks, and access controls.

Container SecurityDevSecOpsDocker

0 likes · 17 min read

Master Docker Container Security: Real Attack Scenarios & Defense Strategies

DevOps Operations Practice

Jul 18, 2025 · Information Security

Master Web Security Testing with ZAP: Core Features, Usage & CI/CD Integration

ZAP (Zed Attack Proxy), an OWASP open‑source web application security testing tool, offers proxy interception, active and passive scanning, CI/CD integration via Docker or command line, and is suited for penetration testing, DevSecOps, and compliance checks such as OWASP Top 10 and PCI DSS.

Active ScanPassive ScanWeb Security

0 likes · 5 min read

Master Web Security Testing with ZAP: Core Features, Usage & CI/CD Integration

Open Source Linux

Apr 10, 2025 · Information Security

Explore Tscanplus: A Powerful All-in-One Network Security & Asset Management Tool

Tscanplus is a comprehensive network security and operations platform that quickly discovers and identifies assets, builds an asset database, and offers features such as port scanning, service detection, URL fingerprinting, POC validation, weak‑password guessing, encoding tools, privilege‑escalation aids, and more, with usage screenshots and a GitHub download link.

Tscanplusasset discoveryinformation security

0 likes · 2 min read

Explore Tscanplus: A Powerful All-in-One Network Security & Asset Management Tool

Raymond Ops

Mar 5, 2025 · Information Security

Essential Kali Linux Penetration Testing Tools and How to Use Them

Explore the most common Kali Linux penetration testing utilities—including Nmap, Metasploit, Hydra, Wireshark, and more—organized by categories such as information gathering, vulnerability exploitation, password cracking, and network monitoring, with brief usage commands and guidance for each tool.

Kali LinuxNetwork Scanningmalware analysis

0 likes · 11 min read

Essential Kali Linux Penetration Testing Tools and How to Use Them

Liangxu Linux

Nov 10, 2024 · Information Security

Essential Linux Penetration Testing Commands Cheat Sheet

A comprehensive cheat sheet of high‑frequency Linux penetration‑testing commands covering system information, package management, user handling, compression, file operations, Samba access, shell bypass techniques, miscellaneous utilities, bash history clearing, filesystem permissions, and privilege‑escalation tips.

Command Cheat SheetEnumerationLinux

0 likes · 7 min read

Essential Linux Penetration Testing Commands Cheat Sheet

Huolala Safety Emergency Response Center

Oct 31, 2024 · Information Security

Understanding JWT Attack Surfaces and How to Test Them

This article explains the structure of JSON Web Tokens, enumerates common attack vectors such as algorithm confusion, weak keys, replay, header injection, and provides practical mitigation steps and a step‑by‑step testing methodology with relevant tools and code examples.

AuthenticationInfoSecJSON Web Token

0 likes · 14 min read

Understanding JWT Attack Surfaces and How to Test Them

DevOps Operations Practice

Jul 11, 2024 · Information Security

Top 7 Penetration Testing Tools and Their Key Features

This article introduces seven leading penetration testing tools—including Kali Linux, Metasploit, Wireshark, Nmap, Burp Suite, Acunetix, and Nessus—detailing their primary features and how they help security professionals identify and mitigate vulnerabilities effectively.

Burp SuiteKali LinuxMetasploit

0 likes · 9 min read

Top 7 Penetration Testing Tools and Their Key Features

FunTester

Jun 26, 2024 · Information Security

Mastering Web Application Penetration Testing: Methods, Types, and Best Practices

Web application penetration testing is a systematic security assessment that identifies vulnerabilities such as SQL injection, XSS, CSRF, insecure authentication, and file‑upload flaws, using methods ranging from black‑box to manual testing, and follows best practices like OWASP guidelines to protect data, privacy, and system integrity.

OWASPWeb Securityinformation security

0 likes · 11 min read

Mastering Web Application Penetration Testing: Methods, Types, and Best Practices

MaGe Linux Operations

Jun 11, 2024 · Information Security

Essential Kali Linux Penetration Testing Tools and How to Use Them

This guide lists the most common Kali Linux penetration testing utilities—including Nmap, Metasploit, Hydra, Wireshark, and many others—explaining their primary functions and providing concise command‑line examples for quick reference.

Kali LinuxNetwork Scanningmalware analysis

0 likes · 10 min read

Python Programming Learning Circle

Apr 29, 2024 · Information Security

Why Python Is Ideal for the Cybersecurity Industry and Its Common Applications

The article explains how Python's simplicity, extensive ecosystem, versatility, and strong automation capabilities make it a preferred language for cybersecurity professionals, outlining five key reasons and showcasing typical use cases such as network scanning, penetration testing, malware analysis, security auditing, and tool development.

Network Scanningcybersecurityinformation security

0 likes · 6 min read

Why Python Is Ideal for the Cybersecurity Industry and Its Common Applications

Open Source Linux

Apr 25, 2024 · Information Security

Mastering Internal Network Access: FRP, reGeorg, SSH Tunneling & Proxy Tools

This guide details multiple traffic‑proxy and port‑forwarding techniques—FRP, reGeorg + Proxifier, SSH dynamic tunnels, Earthworm with SocksCap, and proxychains-ng—providing step‑by‑step commands, configuration files, and practical examples for penetrating isolated internal networks.

ProxySSHfrp

0 likes · 11 min read

Mastering Internal Network Access: FRP, reGeorg, SSH Tunneling & Proxy Tools

Liangxu Linux

Apr 23, 2024 · Information Security

Mastering Internal Network Tunneling: frp, reGeorg, SSH & Earthworm Techniques

Learn how to bypass internal network restrictions during penetration testing by using frp port forwarding, reGeorg with Proxifier, SSH dynamic tunnels, and Earthworm/Ew tools, complete with step‑by‑step commands, configuration files, and practical examples for establishing reliable internal proxies.

SSHfrpnetwork tunneling

0 likes · 11 min read

Mastering Internal Network Tunneling: frp, reGeorg, SSH & Earthworm Techniques

DevOps Operations Practice

Apr 21, 2024 · Information Security

Overview of Kali Linux: Features, Tools, and Use Cases

Kali Linux, a Debian‑based distribution maintained by Offensive Security, bundles over 600 penetration‑testing and digital‑forensics tools such as Metasploit, Nmap, Wireshark, Aircrack‑ng and John the Ripper, making it a preferred platform for security professionals in testing, forensics, and network defense.

Kali Linuxdigital forensicsinformation security

0 likes · 4 min read

Overview of Kali Linux: Features, Tools, and Use Cases

Software Development Quality

Apr 1, 2024 · Information Security

Master One-Click Info Collection & Scanning with jws-cli: A Python Security Tool

jws-cli is a Python‑based, extensible one‑click information collection and scanning tool that automates subdomain discovery, CDN and WAF detection, port and C‑segment scanning, and integrates third‑party vulnerability scanners, offering visual reports and email delivery for rapid penetration testing workflows.

AutomationInformation GatheringPython

0 likes · 6 min read

Master One-Click Info Collection & Scanning with jws-cli: A Python Security Tool

Software Development Quality

Mar 28, 2024 · Information Security

How to Install and Activate Burp Suite Professional: Step‑by‑Step Guide

This article provides a detailed, step‑by‑step tutorial for installing and activating Burp Suite Professional, covering file extraction, PowerShell script execution, license entry, manual activation, and final verification, complemented by screenshots for each major step.

Burp SuitePowerShellWeb Security

0 likes · 4 min read

How to Install and Activate Burp Suite Professional: Step‑by‑Step Guide

Practical DevOps Architecture

Mar 14, 2024 · Information Security

Comprehensive Penetration Testing Course Outline

This article provides a detailed curriculum for a penetration testing training program, covering operating system basics, web services, database setup, Kali Linux installation, various hacking tools, common web vulnerabilities, SQL injection techniques, command execution, file upload and inclusion flaws, XSS, CSRF, SSRF, privilege escalation, and internal network exploitation.

ethical hackinginformation securitynetwork security

0 likes · 10 min read

Comprehensive Penetration Testing Course Outline

Liangxu Linux

Oct 25, 2023 · Information Security

How to Bypass CDN and Discover a Website’s Real IP Address

This guide explains why penetration testers need a target’s true IP, how to detect CDN usage, and provides step‑by‑step techniques—including same‑country queries, sub‑domain probing, DNS history checks, FOFA searches, email reverse lookup, and full‑network scanning—to uncover the real server address.

CDNIP discoveryInformation Gathering

0 likes · 7 min read

How to Bypass CDN and Discover a Website’s Real IP Address

Software Development Quality

Oct 17, 2023 · Information Security

Deploy Watchdog: Open-Source Asset Management & Security Scanning Platform

This guide introduces Watchdog, an upgraded, web-based security platform derived from Bayonet, and provides step-by-step instructions for installing, configuring, and deploying it across multiple Ubuntu nodes, including database setup, Flask service launch, and activation of sub-domain, port, URL, and Xray scanning modules.

DeploymentWatchdogasset management

0 likes · 7 min read

Deploy Watchdog: Open-Source Asset Management & Security Scanning Platform

MaGe Linux Operations

Oct 12, 2023 · Information Security

How to Detect and Bypass CDN to Reveal a Website’s Real IP

This guide explains why CDNs hide a site's true IP, how to determine if a website uses a CDN, and outlines practical techniques—including DNS queries, online tools, sub‑domain analysis, email reverse lookup, and scanning scripts—to bypass the CDN and discover the real server address.

CDNIP discoveryNetwork Reconnaissance

0 likes · 8 min read

How to Detect and Bypass CDN to Reveal a Website’s Real IP

Liangxu Linux

Aug 22, 2023 · Information Security

Explore siusiu: A Docker‑Based Penetration Testing Toolbox with Over 50 Ready‑to‑Use Security Tools

siusiu is a Docker‑based penetration testing toolbox that bundles more than 50 security utilities, offers an interactive console for listing, downloading, and running tools, supports non‑interactive mode, and can be installed via binary, Git, or Go with detailed usage commands.

Dockerinformation securitypenetration testing

0 likes · 5 min read

Explore siusiu: A Docker‑Based Penetration Testing Toolbox with Over 50 Ready‑to‑Use Security Tools

MaGe Linux Operations

Aug 17, 2023 · Information Security

Explore siusiu: A Docker‑Powered Penetration Testing Toolbox

siusiu is a Docker‑based penetration testing toolbox that bundles dozens of security utilities as Docker images, offering an easy‑to‑use console, multiple installation methods, and a rich command set for both interactive and scripted security assessments.

DevOpsDockerinformation security

0 likes · 6 min read

Explore siusiu: A Docker‑Powered Penetration Testing Toolbox

MaGe Linux Operations

Aug 4, 2023 · Information Security

How to Detect and Exploit Cloud Access Key (AK/SK) Leaks

This article explains why cloud platforms rely on access keys, describes common scenarios where AK/SK credentials are exposed, provides practical examples such as heapdump and JavaScript leaks, and shows how attackers can hijack storage buckets or execute commands on compromised cloud hosts.

AK/SKaccess key leakagecloud security

0 likes · 7 min read

How to Detect and Exploit Cloud Access Key (AK/SK) Leaks

21CTO

Jul 20, 2023 · Information Security

Kevin Mitnick: From World’s Most Wanted Hacker to Security Guru

Kevin Mitnick, once dubbed the world’s most famous hacker and the first to be pursued by the FBI, transformed from a teenage social‑engineering prodigy into a celebrated information‑security consultant, author, and founder of Mitnick Security, leaving a lasting impact on computer security after his 2023 death.

Kevin Mitnickcomputer securityhacking

0 likes · 5 min read

Kevin Mitnick: From World’s Most Wanted Hacker to Security Guru

Java Architect Essentials

May 26, 2023 · Information Security

Step‑by‑Step WordPress Site Penetration Testing Tutorial

This tutorial walks beginners through the entire process of compromising a WordPress website, from initial information gathering and DNS enumeration to vulnerability scanning, exploitation with tools like sqlmap and nmap, privilege escalation, and establishing persistent backdoors.

SQLMapWebshellWordPress

0 likes · 10 min read

Step‑by‑Step WordPress Site Penetration Testing Tutorial

Liangxu Linux

May 2, 2023 · Information Security

Kali Linux vs Parrot OS: Which Penetration Testing Distro Is Right for You?

An in‑depth comparison of Kali Linux and Parrot OS examines their origins, pre‑installed security tools, customization options, hardware requirements, user interfaces, and performance, helping security professionals and enthusiasts choose the most suitable Linux distribution for penetration testing and privacy‑focused work.

Kali LinuxLinux DistributionParrot OS

0 likes · 10 min read

Kali Linux vs Parrot OS: Which Penetration Testing Distro Is Right for You?

Liangxu Linux

Mar 26, 2023 · Information Security

Top 10 Vulnerability Scanners Every Security Professional Should Know

This article reviews the ten most popular vulnerability scanning tools—including OpenVAS, Tripwire IP360, Nessus, and others—detailing their key features, scanning capabilities, deployment options, and typical use cases to help security professionals choose the right solution for network and application vulnerability assessment.

OpenVASnessusnetwork security

0 likes · 10 min read

Top 10 Vulnerability Scanners Every Security Professional Should Know

MaGe Linux Operations

Mar 5, 2023 · Information Security

Top 10 Vulnerability Scanners Every Security Team Needs

This guide reviews the ten leading vulnerability scanning solutions, detailing each tool's key features, deployment options, and how they help organizations detect and remediate security weaknesses across networks, servers, cloud and container environments.

information securitynetwork securityopen source

0 likes · 7 min read

Top 10 Vulnerability Scanners Every Security Team Needs

MaGe Linux Operations

Dec 2, 2022 · Information Security

Cracking Wi‑Fi Passwords with Aircrack‑ng on Kali Linux

This step‑by‑step guide shows how to enable monitor mode, capture WPA2 handshakes, and perform a dictionary attack using Aircrack‑ng on a Kali Linux system, covering device detection, network scanning, packet capture, and password cracking commands.

Aircrack-ngKali LinuxWi-Fi cracking

0 likes · 5 min read

Cracking Wi‑Fi Passwords with Aircrack‑ng on Kali Linux

Open Source Linux

Nov 15, 2022 · Information Security

Master File Transfer in Penetration Testing: Linux & Windows Download Commands

This guide compiles essential Linux and Windows commands—including wget, curl, PowerShell, and Netcat—that enable attackers to download files to compromised hosts when direct transfer is unavailable, covering usage, options, and practical examples for each tool.

cURLfile transfernetcat

0 likes · 16 min read

Master File Transfer in Penetration Testing: Linux & Windows Download Commands

Software Development Quality

Sep 22, 2022 · Information Security

Essential Android Security Testing Tools: A Comprehensive Guide

This article compiles a thorough list of Android security testing resources, covering online analysis platforms, static and dynamic analysis utilities, vulnerability scanners, reverse‑engineering tools, fuzzers, app‑repackaging detectors, market crawlers, miscellaneous aids, and references to academic publications and bug‑bounty programs.

Android SecurityDynamic analysisMobile Security

0 likes · 10 min read

Essential Android Security Testing Tools: A Comprehensive Guide

Liangxu Linux

Aug 28, 2022 · Information Security

Essential Q&A on White‑Hat Hacking and Core Information Security Concepts

This article provides concise answers to 24 common questions about white‑hat hacking, covering definitions, tools, attack techniques such as footprinting, brute‑force, DoS, SQL injection, ARP spoofing, XSS, and practical defenses like input validation, firewalls, encryption, and secure coding practices.

White Hatcybersecuritypenetration testing

0 likes · 14 min read

Essential Q&A on White‑Hat Hacking and Core Information Security Concepts

DevOps

Aug 26, 2022 · Information Security

Security Testing Practices in DevSecOps and Huawei Cloud

The article explains the importance of security testing within DevSecOps, outlines key testing methods such as SAST, DAST, IAST, and SCA, discusses penetration testing, and describes Huawei Cloud's comprehensive security testing framework and practices for ensuring software safety in modern development pipelines.

DASTDevSecOpsIAST

0 likes · 13 min read

Security Testing Practices in DevSecOps and Huawei Cloud

Open Source Linux

Aug 16, 2022 · Information Security

Essential White‑Hat Hacker FAQ: Tools, Techniques, and Defense Strategies

This comprehensive guide explains what white‑hat hackers are, the differences between IP and MAC addresses, common hacking tools, hacker types, footprinting methods, brute‑force and DoS attacks, SQL injection, network sniffing, ARP spoofing, MAC flooding, rogue DHCP, XSS, Burp Suite, domain pharming, prevention tactics, keyloggers, enumeration, NTP, MIB, password‑cracking techniques, attack phases, and CSRF protection, offering a solid foundation for cybersecurity awareness.

cybersecuritypenetration testingsecurity tools

0 likes · 11 min read

Essential White‑Hat Hacker FAQ: Tools, Techniques, and Defense Strategies

MaGe Linux Operations

Aug 4, 2022 · Information Security

Essential InfoSec FAQ: From White‑Hat Basics to Advanced Attack Techniques

This comprehensive FAQ explains key information‑security concepts, covering white‑hat hacking, IP vs MAC addresses, common penetration‑testing tools, hacker types, footprinting methods, brute‑force, DoS, SQL injection, sniffing, ARP spoofing, MAC flooding, rogue DHCP, XSS, Burp Suite, pharming, defacement, website protection, keyloggers, enumeration, NTP, MIB, password‑cracking techniques, attack stages, and CSRF mitigation.

cybersecurityhackinginformation security

0 likes · 10 min read

Essential InfoSec FAQ: From White‑Hat Basics to Advanced Attack Techniques

MaGe Linux Operations

Jul 9, 2022 · Information Security

Top 10 Vulnerability Scanners Every Security Professional Should Know

This article reviews the ten most popular vulnerability scanning tools, describing their key features, deployment options, and how they help identify and remediate security weaknesses across servers, networks, cloud and container environments.

network securityopen sourcepenetration testing

0 likes · 8 min read

MaGe Linux Operations

Jul 6, 2022 · Information Security

How to Bypass a WAF and Capture the Flag on Minu-1 – A Complete Pen‑Test Walkthrough

This step‑by‑step guide demonstrates how to enumerate a vulnerable host, identify and fingerprint its Web Application Firewall, apply multiple WAF‑bypass techniques—including fuzzing, command injection, binary abuse and URL‑encoding tricks—to obtain a stable shell, perform privilege escalation, decode a JWT token and finally retrieve the root flag.txt.

Information GatheringJWT crackingLinux exploitation

0 likes · 16 min read

How to Bypass a WAF and Capture the Flag on Minu-1 – A Complete Pen‑Test Walkthrough

Open Source Linux

May 11, 2022 · Information Security

Top 9 Essential Tools Every Ethical Hacker Should Master

This article introduces ethical hacking and presents nine widely used security tools—including Nmap, Nessus, Nikto, Kismet, NetStumbler, Acunetix, Netsparker, Intruder, and Metasploit—detailing their main features, platforms, and how they help professionals identify vulnerabilities and protect networks.

ethical hackingpenetration testingsecurity tools

0 likes · 7 min read

Top 9 Essential Tools Every Ethical Hacker Should Master

MaGe Linux Operations

Mar 31, 2022 · Information Security

Essential Penetration Testing Dictionaries for Efficient Brute-Force Attacks

This article introduces concise penetration testing dictionaries and shares a high‑efficiency brute‑force wordlist, providing free resources for security engineers seeking effective attack payloads and encouraging community access to valuable cybersecurity tools.

brute forcecybersecurity resourcesdictionary

0 likes · 1 min read

Essential Penetration Testing Dictionaries for Efficient Brute-Force Attacks

Java Captain

Jan 27, 2022 · Information Security

A Practical Guide to Internal Network Penetration Tools: NPS, FRP, EW, and Ngrok

This article introduces several widely used internal network penetration and tunneling tools—including NPS, FRP, EW, and Ngrok—explains their core principles, features, and provides step‑by‑step installation and configuration commands for exposing services such as HTTP, SSH, RDP, and file sharing to the public internet.

NPSewfrp

0 likes · 14 min read

A Practical Guide to Internal Network Penetration Tools: NPS, FRP, EW, and Ngrok

Python Programming Learning Circle

Jan 19, 2022 · Information Security

File Transfer Techniques for Penetration Testing: Linux and Windows Download Commands

This article compiles common file download commands and tools used in penetration testing for both Linux and Windows environments, covering utilities such as wget, curl, axel, aria2, PowerShell, certutil, bitsadmin, and others, with example syntax for direct, background, and resumable transfers.

File DownloadLinuxWindows

0 likes · 13 min read

File Transfer Techniques for Penetration Testing: Linux and Windows Download Commands

Top Architect

Jan 19, 2022 · Information Security

Penetration Testing Walkthrough: Bypassing Invitation Code and Accessing the Backend of a Mobile App

This article details a step‑by‑step penetration testing process where the author captures network traffic from a mobile app, enumerates hidden API endpoints, exploits injection flaws to retrieve backend credentials, examines upload validation, and ultimately gains admin access while highlighting the challenges faced.

API enumerationSQL injectionmobile app security

0 likes · 7 min read

Penetration Testing Walkthrough: Bypassing Invitation Code and Accessing the Backend of a Mobile App

Python Programming Learning Circle

Dec 30, 2021 · Information Security

A Personal Penetration Test Narrative: Hacking a Fraudulent Reseller with Python Tools

The author recounts a step‑by‑step penetration test against a fraudulent reseller, detailing OSINT gathering, port scanning, FTP brute‑forcing, JavaScript injection, location tracking, domain hijacking, and the deployment of custom Python scripts for each stage.

ftp brute forceinformation securitypenetration testing

0 likes · 7 min read

A Personal Penetration Test Narrative: Hacking a Fraudulent Reseller with Python Tools

HomeTech

Dec 28, 2021 · Information Security

SQL Injection Vulnerability Analysis and Defense Strategies

This article provides a comprehensive analysis of SQL injection vulnerabilities, covering their principles, testing tools, repair methods, and defense strategies, with practical implementation guidance for secure web application development.

Database SecurityOWASPParameterized Queries

0 likes · 15 min read

SQL Injection Vulnerability Analysis and Defense Strategies

Open Source Linux

Nov 24, 2021 · Information Security

Mastering Port Penetration: From Scanning to Exploitation

This comprehensive guide explains how to improve penetration testing efficiency by focusing on port enumeration, banner grabbing, service identification, default port knowledge, and a variety of attack techniques—including brute‑force, exploitation of known vulnerabilities, and protocol‑specific tricks—across common network services and applications.

brute forcenmappenetration testing

0 likes · 19 min read

Mastering Port Penetration: From Scanning to Exploitation

MaGe Linux Operations

Sep 25, 2021 · Information Security

How to Build a Docker‑Based Kali Linux Lab with Web Target for Pen‑Testing

This guide walks you through creating a Docker‑powered environment that includes a graphical Kali Linux workstation and a web target machine with MySQL and Tomcat, covering Docker installation, image preparation, container configuration, remote desktop setup, and database integration for hands‑on information‑security practice.

DockerKali LinuxWeb Security

0 likes · 8 min read

How to Build a Docker‑Based Kali Linux Lab with Web Target for Pen‑Testing

Python Crawling & Data Mining

Jul 28, 2021 · Information Security

Essential Network Security Tools: A Comprehensive Beginner's Guide

This article presents a curated list of network security utilities—including anti‑malware, scanners, encryption, IDS, port scanners, exploit frameworks, monitoring, proxies, wireless, rootkit detectors, and packet sniffers—each with brief descriptions and download links for aspiring security practitioners.

intrusion detectionnetwork securitypacket sniffing

0 likes · 17 min read

Essential Network Security Tools: A Comprehensive Beginner's Guide

Python Crawling & Data Mining

Jul 15, 2021 · Information Security

How Hackers Locate Unsecured Network Cameras Using ZoomEye, Shodan, and IP Scanning

This article explains how attackers discover vulnerable internet‑connected cameras by using searchable databases like ZoomEye and Shodan, as well as by scanning IP ranges for common camera ports, and highlights the ethical considerations of such techniques.

IP scanningNetwork CamerasShodan

0 likes · 4 min read

How Hackers Locate Unsecured Network Cameras Using ZoomEye, Shodan, and IP Scanning

Open Source Linux

Apr 14, 2021 · Information Security

Step‑by‑Step Web Penetration Test: From Recon to Root Access

This tutorial walks you through a complete web penetration test on the fictional site hack‑test.com, covering DNS enumeration, server fingerprinting, vulnerability scanning with Nikto and w3af, exploiting SQL injection via sqlmap, uploading a PHP webshell, gaining a reverse shell, and finally escalating to root privileges on a Linux server.

Information GatheringSQL injectionWeb Security

0 likes · 10 min read

Step‑by‑Step Web Penetration Test: From Recon to Root Access

MaGe Linux Operations

Apr 4, 2021 · Information Security

Step‑by‑Step Analysis and Exploitation of a QQ Phishing Site

An in‑depth walkthrough demonstrates how to identify, analyze, and attack a QQ phishing website—revealing its URL, POST parameters, using Python to flood it with fake credentials, performing WHOIS, ping, nmap, and w3af scans, uncovering backend details, and discussing mitigation strategies.

Network ScanningPythonWeb Security

0 likes · 7 min read

Step‑by‑Step Analysis and Exploitation of a QQ Phishing Site

Laravel Tech Community

Mar 12, 2021 · Information Security

Exploiting a High‑Risk SSRF Vulnerability in a Financial Crowdsourcing Web Application

The article details a step‑by‑step penetration test of a seemingly empty financial web application, describing how hidden JavaScript files and a discovered /xxxapi/file/pdf/view endpoint were leveraged to craft an SSRF payload that accessed internal services such as Elasticsearch, illustrating practical web security exploitation techniques.

JavaScript analysisSSRFWeb Security

0 likes · 7 min read

Exploiting a High‑Risk SSRF Vulnerability in a Financial Crowdsourcing Web Application

Zhengtong Technical Team

Oct 30, 2020 · Information Security

Using Burp Suite for Penetration Testing of the ZhiXin Mobile Application

This article explains how to employ Burp Suite to conduct comprehensive penetration testing on the ZhiXin mobile app, covering setup, proxy configuration, detection of sensitive data leaks, privilege escalation, XSS, and SQL injection vulnerabilities, and provides remediation recommendations.

Burp SuiteMobile Securityapp testing

0 likes · 12 min read

Using Burp Suite for Penetration Testing of the ZhiXin Mobile Application

Programmer DD

Oct 30, 2020 · Information Security

Top 10 Linux Distributions for Penetration Testing and Ethical Hacking

This article lists the ten most popular Linux distributions used for penetration testing and ethical hacking, describing each distro's base, key features, target audience, and providing official download links for quick access.

distributionethical hackingpenetration testing

0 likes · 8 min read

Top 10 Linux Distributions for Penetration Testing and Ethical Hacking

Liangxu Linux

Sep 19, 2020 · Information Security

Step-by-Step Guide: Installing Kali Linux on VirtualBox

This article explains what Kali Linux is, provides the official download link, and walks you through creating a VirtualBox VM, configuring settings, performing a graphical installation, and highlights important security warnings for using this penetration‑testing distribution.

Kali LinuxLinux InstallationVirtualBox

0 likes · 5 min read

Step-by-Step Guide: Installing Kali Linux on VirtualBox

Open Source Linux

Aug 20, 2020 · Information Security

Top 10 Linux Distributions for Penetration Testing and Ethical Hacking

This article presents a curated list of the ten most popular Linux distributions used for penetration testing and ethical hacking, detailing each distro's base system, key features, toolsets, and where to download them, helping security professionals choose the right platform for their needs.

Linuxdistributionethical hacking

0 likes · 8 min read

MaGe Linux Operations

Aug 14, 2020 · Information Security

Top 10 Linux Distributions for Ethical Hacking and Penetration Testing

This guide lists the most popular Linux distributions used for ethical hacking and penetration testing, describing each distro's base, key features, toolsets, and providing download links for quick setup on various platforms.

Kali LinuxSecurity Distributionsethical hacking

0 likes · 8 min read

Top 10 Linux Distributions for Ethical Hacking and Penetration Testing

IT Architects Alliance

Aug 13, 2020 · Information Security

Top 7 Web Vulnerability Scanners: Features, Pros, and How to Use Them

After gathering reconnaissance data in a penetration test, this article reviews seven popular web vulnerability scanners, outlining their core capabilities, typical usage scenarios, and visual screenshots to help security professionals choose the right tool for detecting SQL injection, XSS, file inclusion, and other common web flaws.

Tool comparisonWeb Securityawvs

0 likes · 7 min read

Top 7 Web Vulnerability Scanners: Features, Pros, and How to Use Them

Laravel Tech Community

Aug 10, 2020 · Information Security

Comprehensive Penetration Testing Process, Common Vulnerabilities, Exploitation Techniques, and Security Interview Questions

This article provides a detailed walkthrough of web penetration testing steps, extensive Q&A on common vulnerabilities such as SQL injection, XSS, CSRF, SSRF, file inclusion, privilege escalation methods, mitigation strategies, and interview preparation tips for security professionals.

ExploitationSecurity InterviewWeb Security

0 likes · 44 min read

Comprehensive Penetration Testing Process, Common Vulnerabilities, Exploitation Techniques, and Security Interview Questions

Architects Research Society

Aug 10, 2020 · Information Security

Awesome Penetration Testing Resources and Tools

This article compiles a comprehensive, categorized collection of penetration testing resources—including anonymity tools, antivirus evasion utilities, books, CTF frameworks, Docker containers, network analysis tools, OSINT platforms, and more—providing security professionals and researchers with a valuable reference for offensive security engagements.

CTFDockerOSINT

0 likes · 36 min read

Awesome Penetration Testing Resources and Tools

OPPO Amber Lab

Jul 22, 2020 · Information Security

Understanding Web Security: Key Vulnerabilities and Penetration Testing Methods

This article explains the fundamentals of web security, outlines typical web architecture, classifies penetration testing approaches, enumerates common vulnerabilities such as SQL injection, XSS, file upload and deserialization, and discusses how attackers combine these flaws to launch advanced exploits.

DeserializationSQL injectionVulnerability Classification

0 likes · 7 min read

Understanding Web Security: Key Vulnerabilities and Penetration Testing Methods

Ziru Technology

Feb 16, 2020 · Information Security

Mastering Drozer: Step‑by‑Step Android Security Testing Guide

This guide walks through installing Drozer, configuring port forwarding, connecting the console, and using a variety of commands to enumerate packages, activities, content providers, services, and broadcast receivers on Android devices, while also addressing common errors and demonstrating vulnerability scans such as SQL injection and directory traversal.

DrozerMobile Securityinformation security

0 likes · 9 min read

Mastering Drozer: Step‑by‑Step Android Security Testing Guide

Architects Research Society

Sep 19, 2019 · Information Security

Awesome Penetration Testing Resources and Tools

This comprehensive collection presents a curated list of penetration testing resources—including anonymity tools, antivirus‑evasion utilities, books, CTF frameworks, Docker containers for vulnerable systems, network analysis utilities, OSINT services, reverse‑engineering tools, and security education materials—providing security professionals and researchers with a valuable reference for offensive security testing and learning.

CTFDockerInfoSec

0 likes · 36 min read

Liangxu Linux

Aug 5, 2019 · Information Security

Top 12 Linux Distributions for Penetration Testing and Security Research

This guide presents a curated list of twelve Linux distributions—such as Kali Linux, BackBox, Parrot Security OS, and others—detailing their origins, key security tools, desktop environments, installation options, and unique features that make them ideal for ethical hacking, forensics, and network security assessments.

ForensicsInfoSecpenetration testing

0 likes · 8 min read

Top 12 Linux Distributions for Penetration Testing and Security Research