Tagged articles

penetration testing

135 articles · Page 2 of 2
MaGe Linux Operations
MaGe Linux Operations
Apr 4, 2021 · Information Security

Step‑by‑Step Analysis and Exploitation of a QQ Phishing Site

An in‑depth walkthrough demonstrates how to identify, analyze, and attack a QQ phishing website—revealing its URL, POST parameters, using Python to flood it with fake credentials, performing WHOIS, ping, nmap, and w3af scans, uncovering backend details, and discussing mitigation strategies.

Network ScanningPhishingPython
0 likes · 7 min read
Step‑by‑Step Analysis and Exploitation of a QQ Phishing Site
Laravel Tech Community
Laravel Tech Community
Mar 12, 2021 · Information Security

Exploiting a High‑Risk SSRF Vulnerability in a Financial Crowdsourcing Web Application

The article details a step‑by‑step penetration test of a seemingly empty financial web application, describing how hidden JavaScript files and a discovered /xxxapi/file/pdf/view endpoint were leveraged to craft an SSRF payload that accessed internal services such as Elasticsearch, illustrating practical web security exploitation techniques.

JavaScript analysisVulnerability Discoverypenetration testing
0 likes · 7 min read
Exploiting a High‑Risk SSRF Vulnerability in a Financial Crowdsourcing Web Application
Zhengtong Technical Team
Zhengtong Technical Team
Oct 30, 2020 · Information Security

Using Burp Suite for Penetration Testing of the ZhiXin Mobile Application

This article explains how to employ Burp Suite to conduct comprehensive penetration testing on the ZhiXin mobile app, covering setup, proxy configuration, detection of sensitive data leaks, privilege escalation, XSS, and SQL injection vulnerabilities, and provides remediation recommendations.

Burp Suiteapp testinginformation security
0 likes · 12 min read
Using Burp Suite for Penetration Testing of the ZhiXin Mobile Application
Liangxu Linux
Liangxu Linux
Sep 19, 2020 · Information Security

Step-by-Step Guide: Installing Kali Linux on VirtualBox

This article explains what Kali Linux is, provides the official download link, and walks you through creating a VirtualBox VM, configuring settings, performing a graphical installation, and highlights important security warnings for using this penetration‑testing distribution.

Kali LinuxLinux InstallationVirtualBox
0 likes · 5 min read
Step-by-Step Guide: Installing Kali Linux on VirtualBox
Open Source Linux
Open Source Linux
Aug 20, 2020 · Information Security

Top 10 Linux Distributions for Penetration Testing and Ethical Hacking

This article presents a curated list of the ten most popular Linux distributions used for penetration testing and ethical hacking, detailing each distro's base system, key features, toolsets, and where to download them, helping security professionals choose the right platform for their needs.

Linuxdistributionethical hacking
0 likes · 8 min read
Top 10 Linux Distributions for Penetration Testing and Ethical Hacking
IT Architects Alliance
IT Architects Alliance
Aug 13, 2020 · Information Security

Top 7 Web Vulnerability Scanners: Features, Pros, and How to Use Them

After gathering reconnaissance data in a penetration test, this article reviews seven popular web vulnerability scanners, outlining their core capabilities, typical usage scenarios, and visual screenshots to help security professionals choose the right tool for detecting SQL injection, XSS, file inclusion, and other common web flaws.

awvsinformation securitynessus
0 likes · 7 min read
Top 7 Web Vulnerability Scanners: Features, Pros, and How to Use Them
Laravel Tech Community
Laravel Tech Community
Aug 10, 2020 · Information Security

Comprehensive Penetration Testing Process, Common Vulnerabilities, Exploitation Techniques, and Security Interview Questions

This article provides a detailed walkthrough of web penetration testing steps, extensive Q&A on common vulnerabilities such as SQL injection, XSS, CSRF, SSRF, file inclusion, privilege escalation methods, mitigation strategies, and interview preparation tips for security professionals.

ExploitationSecurity Interviewpenetration testing
0 likes · 44 min read
Comprehensive Penetration Testing Process, Common Vulnerabilities, Exploitation Techniques, and Security Interview Questions
Architects Research Society
Architects Research Society
Aug 10, 2020 · Information Security

Awesome Penetration Testing Resources and Tools

This article compiles a comprehensive, categorized collection of penetration testing resources—including anonymity tools, antivirus evasion utilities, books, CTF frameworks, Docker containers, network analysis tools, OSINT platforms, and more—providing security professionals and researchers with a valuable reference for offensive security engagements.

CTFDockerOSINT
0 likes · 36 min read
Awesome Penetration Testing Resources and Tools
OPPO Amber Lab
OPPO Amber Lab
Jul 22, 2020 · Information Security

Understanding Web Security: Key Vulnerabilities and Penetration Testing Methods

This article explains the fundamentals of web security, outlines typical web architecture, classifies penetration testing approaches, enumerates common vulnerabilities such as SQL injection, XSS, file upload and deserialization, and discusses how attackers combine these flaws to launch advanced exploits.

SQL InjectionVulnerability ClassificationXSS
0 likes · 7 min read
Understanding Web Security: Key Vulnerabilities and Penetration Testing Methods
Ziru Technology
Ziru Technology
Feb 16, 2020 · Information Security

Mastering Drozer: Step‑by‑Step Android Security Testing Guide

This guide walks through installing Drozer, configuring port forwarding, connecting the console, and using a variety of commands to enumerate packages, activities, content providers, services, and broadcast receivers on Android devices, while also addressing common errors and demonstrating vulnerability scans such as SQL injection and directory traversal.

Drozerinformation securitymobile security
0 likes · 9 min read
Mastering Drozer: Step‑by‑Step Android Security Testing Guide
Architects Research Society
Architects Research Society
Sep 19, 2019 · Information Security

Awesome Penetration Testing Resources and Tools

This comprehensive collection presents a curated list of penetration testing resources—including anonymity tools, antivirus‑evasion utilities, books, CTF frameworks, Docker containers for vulnerable systems, network analysis utilities, OSINT services, reverse‑engineering tools, and security education materials—providing security professionals and researchers with a valuable reference for offensive security testing and learning.

CTFDockerInfoSec
0 likes · 36 min read
Awesome Penetration Testing Resources and Tools
Liangxu Linux
Liangxu Linux
Aug 5, 2019 · Information Security

Top 12 Linux Distributions for Penetration Testing and Security Research

This guide presents a curated list of twelve Linux distributions—such as Kali Linux, BackBox, Parrot Security OS, and others—detailing their origins, key security tools, desktop environments, installation options, and unique features that make them ideal for ethical hacking, forensics, and network security assessments.

ForensicsInfoSecpenetration testing
0 likes · 8 min read
Top 12 Linux Distributions for Penetration Testing and Security Research
MaGe Linux Operations
MaGe Linux Operations
Dec 18, 2018 · Information Security

Essential Linux Penetration Testing Cheat Sheet for Security Professionals

This cheat sheet compiles essential Linux commands for penetration testing, covering system enumeration, package management, user handling, compression, file operations, Samba access, shell tricks, Python tips, miscellaneous utilities, bash history clearing, filesystem permissions, and notable files for privilege escalation.

EnumerationLinuxpenetration testing
0 likes · 3 min read
Essential Linux Penetration Testing Cheat Sheet for Security Professionals
NetEase Game Operations Platform
NetEase Game Operations Platform
Dec 14, 2018 · Information Security

Database Injection Attacks: Principles, Exploits, and Defense Strategies

This article explains why database injection remains a critical security threat, illustrates how attackers exploit vulnerable web applications using manual techniques and automated tools such as sqlmap, and provides comprehensive defensive measures spanning secure coding, database hardening, web‑server configuration, WAF deployment, and log‑analysis to protect sensitive data.

Database SecuritySQL InjectionSQLMap
0 likes · 17 min read
Database Injection Attacks: Principles, Exploits, and Defense Strategies
MaGe Linux Operations
MaGe Linux Operations
Nov 15, 2018 · Information Security

Top 123 Python Tools for Pen Testing, Reverse Engineering & Forensics

A comprehensive, curated list of 123 Python-based security tools spans network analysis, debugging, reverse engineering, fuzzing, web testing, forensics, malware analysis, PDF inspection, miscellaneous utilities, plus recommended libraries, books, and learning resources for penetration testers and security researchers.

ForensicsFuzzingpenetration testing
0 likes · 16 min read
Top 123 Python Tools for Pen Testing, Reverse Engineering & Forensics
ITPUB
ITPUB
Aug 30, 2018 · Information Security

Mastering Reverse Shells: 30+ Techniques Across Linux, Windows, and Network Protocols

This article provides a comprehensive collection of reverse‑shell techniques—including Perl, Bash, Python, PowerShell, Java, and protocol‑specific methods like ICMP, UDP, and DNS—complete with command‑line examples, code snippets, and practical tips for both Linux and Windows environments.

Network Protocolspenetration testingreverse shell
0 likes · 15 min read
Mastering Reverse Shells: 30+ Techniques Across Linux, Windows, and Network Protocols
MaGe Linux Operations
MaGe Linux Operations
Jul 31, 2018 · Information Security

How to Detect and Bypass Web Application Firewalls with Python

This article explains how penetration testers can identify and bypass signature‑based Web Application Firewalls using Python, covering WAF fundamentals, payload creation, detection of common firewalls like Mod_Security, and techniques such as brute‑force payload testing and HTML entity encoding to evade filters.

WAF detectionpenetration testingsignature-based firewall
0 likes · 10 min read
How to Detect and Bypass Web Application Firewalls with Python
ITFLY8 Architecture Home
ITFLY8 Architecture Home
May 9, 2018 · Information Security

Master MySQL Penetration: From Recon to Privilege Escalation

This article details comprehensive MySQL penetration techniques, covering information gathering, password cracking, webshell deployment, and multiple privilege‑escalation methods using tools such as Nmap, Metasploit, sqlmap, MOF, UDF and startup script exploits.

MetasploitMySQLPassword Cracking
0 likes · 25 min read
Master MySQL Penetration: From Recon to Privilege Escalation
MaGe Linux Operations
MaGe Linux Operations
Jan 22, 2018 · Information Security

Essential Linux Penetration Testing Cheat Sheet for Security Professionals

A comprehensive cheat sheet of Linux commands covering system enumeration, package management, user handling, compression, file operations, Samba access, shell tricks, miscellaneous utilities, bash history clearing, filesystem permissions, and interesting files for effective penetration testing.

Cheat SheetEnumerationLinux
0 likes · 3 min read
Essential Linux Penetration Testing Cheat Sheet for Security Professionals
ITPUB
ITPUB
Sep 4, 2017 · Information Security

How I Exploited Oracle Advanced Support to Run Remote SQL via Hidden JavaScript

During an external penetration test I discovered an Oracle Advanced Support service, reverse‑engineered its JavaScript endpoints, crafted GET and POST requests to create and execute named SQL statements, and ultimately extracted database version, user information, and password hashes, highlighting a critical web‑application flaw.

API abuseJavaScript analysisOracle
0 likes · 14 min read
How I Exploited Oracle Advanced Support to Run Remote SQL via Hidden JavaScript
MaGe Linux Operations
MaGe Linux Operations
Aug 12, 2017 · Information Security

123 Essential Python Tools for Penetration Testing and Security Research

This article compiles a comprehensive list of 123 Python-based penetration testing tools, covering network utilities, debugging and reverse‑engineering frameworks, fuzzing platforms, web testing kits, forensic analysis utilities, malware analysis helpers, PDF inspection modules, miscellaneous libraries, recommended books, talks, and additional resources for security professionals.

ForensicsFuzzingPython
0 likes · 17 min read
123 Essential Python Tools for Penetration Testing and Security Research
MaGe Linux Operations
MaGe Linux Operations
Jun 25, 2017 · Information Security

How to Identify a Django-Powered Site During Black‑Box Penetration Testing

This guide outlines practical techniques—such as spotting Django's debug error pages, hidden CSRF tokens, default admin URLs, characteristic server headers, third‑party module fingerprints, and static admin assets—to reliably determine whether a target web application is built with Django during black‑box testing.

DjangoFramework DetectionWeb Application Security
0 likes · 5 min read
How to Identify a Django-Powered Site During Black‑Box Penetration Testing
dbaplus Community
dbaplus Community
Apr 4, 2017 · Information Security

Mastering Database Injection: Real‑World Attacks, Tools, and Defense Strategies

This comprehensive guide explains why database injection remains a critical security threat, illustrates real‑world attack techniques and toolchains, and provides layered defensive measures—from secure coding and DB‑proxy solutions to web‑server filtering, WAF deployment, and log‑analysis pipelines.

Database SecurityDefense StrategiesSQL Injection
0 likes · 24 min read
Mastering Database Injection: Real‑World Attacks, Tools, and Defense Strategies
ITPUB
ITPUB
Mar 20, 2017 · Information Security

Essential Web Penetration Testing Q&A: From Recon to Exploit Techniques

This article compiles 42 practical questions and answers covering information gathering, vulnerability identification, exploitation tactics, and remediation advice for web applications, databases, servers, and common security mechanisms, providing a concise reference for penetration testers and security engineers.

CMS EnumerationSQL InjectionServer Exploitation
0 likes · 17 min read
Essential Web Penetration Testing Q&A: From Recon to Exploit Techniques
360 Quality & Efficiency
360 Quality & Efficiency
Aug 29, 2016 · Information Security

Android Security Testing Guide

This guide explains how to use APKTool to decompile Android apps, inspect the AndroidManifest.xml for exposed components, and employ the Drozer framework to enumerate packages, assess component exposure, detect content provider leaks, SQL injection, file traversal, and service vulnerabilities.

APKToolAndroidDrozer
0 likes · 5 min read
Android Security Testing Guide
360 Quality & Efficiency
360 Quality & Efficiency
May 9, 2016 · Information Security

Comprehensive Guide to Security Testing: Methods, Tools, and Best Practices

This article provides an in‑depth overview of security testing, covering its definition, lifecycle, test types, a wide range of scanning and injection tools, practical checklists, evaluation metrics, and recommendations for integrating security assessments throughout the software development process.

information securitynetwork securitypenetration testing
0 likes · 20 min read
Comprehensive Guide to Security Testing: Methods, Tools, and Best Practices
ITPUB
ITPUB
Feb 17, 2016 · Information Security

Top 10 Linux Security Distributions for Privacy and Penetration Testing

Discover the ten best Linux security‑focused distributions, each designed to protect privacy, enable anonymous browsing, and provide powerful tools for network and system security testing, with concise overviews of their origins, features, and installation options.

Linuxdistributionspenetration testing
0 likes · 7 min read
Top 10 Linux Security Distributions for Privacy and Penetration Testing
Architect
Architect
Nov 26, 2015 · Information Security

Analysis of Password Structures and Patterns in Web Penetration Testing

This article examines how manually assigned passwords in web services exhibit predictable structures—prefixes, keywords, separators, and suffixes—by analyzing millions of leaked Gmail passwords and other data, and categorizes the patterns to aid security assessments.

information securitykeyword extractionpassword analysis
0 likes · 9 min read
Analysis of Password Structures and Patterns in Web Penetration Testing
Art of Distributed System Architecture Design
Art of Distributed System Architecture Design
Jul 16, 2015 · Information Security

Beyond GET/POST: Testing HTTP Headers and Cookies for SQL Injection

This article examines how web vulnerability scanners handle non‑traditional input vectors such as HTTP headers and cookies, demonstrates manual exploitation techniques for header‑based SQL injection, compares scanner coverage and accuracy, and offers practical guidance for developers and penetration testers.

SQL InjectionSQLMapcookies
0 likes · 14 min read
Beyond GET/POST: Testing HTTP Headers and Cookies for SQL Injection