Tagged articles
121 articles
MaGe Linux Operations
Dec 18, 2018 · Information Security

Essential Linux Penetration Testing Cheat Sheet for Security Professionals

This cheat sheet compiles essential Linux commands for penetration testing, covering system enumeration, package management, user handling, compression, file operations, Samba access, shell tricks, Python tips, miscellaneous utilities, bash history clearing, filesystem permissions, and notable files for privilege escalation.

Enumeration, Linux, Security
3 min read

NetEase Game Operations Platform
Dec 14, 2018 · Information Security

Database Injection Attacks: Principles, Exploits, and Defense Strategies

This article explains why database injection remains a critical security threat, illustrates how attackers exploit vulnerable web applications using manual techniques and automated tools such as sqlmap, and provides comprehensive defensive measures spanning secure coding, database hardening, web‑server configuration, WAF deployment, and log‑analysis to protect sensitive data.

Database Security, SQL injection, SQLMap
17 min read

MaGe Linux Operations
Nov 15, 2018 · Information Security

Top 123 Python Tools for Pen Testing, Reverse Engineering & Forensics

A comprehensive, curated list of 123 Python-based security tools spans network analysis, debugging, reverse engineering, fuzzing, web testing, forensics, malware analysis, PDF inspection, miscellaneous utilities, plus recommended libraries, books, and learning resources for penetration testers and security researchers.

Forensics, fuzzing, penetration testing
16 min read

ITPUB
Aug 30, 2018 · Information Security

Mastering Reverse Shells: 30+ Techniques Across Linux, Windows, and Network Protocols

This article provides a comprehensive collection of reverse‑shell techniques—including Perl, Bash, Python, PowerShell, Java, and protocol‑specific methods like ICMP, UDP, and DNS—complete with command‑line examples, code snippets, and practical tips for both Linux and Windows environments.

Network Protocols, penetration testing, reverse shell
15 min read

MaGe Linux Operations
Jul 31, 2018 · Information Security

How to Detect and Bypass Web Application Firewalls with Python

This article explains how penetration testers can identify and bypass signature‑based Web Application Firewalls using Python, covering WAF fundamentals, payload creation, detection of common firewalls like Mod_Security, and techniques such as brute‑force payload testing and HTML entity encoding to evade filters.

WAF detection, Web Security, penetration testing
10 min read

ITFLY8 Architecture Home
May 9, 2018 · Information Security

Master MySQL Penetration: From Recon to Privilege Escalation

This article details comprehensive MySQL penetration techniques, covering information gathering, password cracking, webshell deployment, and multiple privilege‑escalation methods using tools such as Nmap, Metasploit, sqlmap, MOF, UDF and startup script exploits.

Information Gathering, Metasploit, SQLMap
25 min read

MaGe Linux Operations
Jan 22, 2018 · Information Security

Essential Linux Penetration Testing Cheat Sheet for Security Professionals

A comprehensive cheat sheet of Linux commands covering system enumeration, package management, user handling, compression, file operations, Samba access, shell tricks, miscellaneous utilities, bash history clearing, filesystem permissions, and interesting files for effective penetration testing.

Cheat Sheet, Enumeration, Linux
3 min read

ITPUB
Sep 4, 2017 · Information Security

How I Exploited Oracle Advanced Support to Run Remote SQL via Hidden JavaScript

During an external penetration test I discovered an Oracle Advanced Support service, reverse‑engineered its JavaScript endpoints, crafted GET and POST requests to create and execute named SQL statements, and ultimately extracted database version, user information, and password hashes, highlighting a critical web‑application flaw.

API abuse, JavaScript analysis, Oracle
14 min read

MaGe Linux Operations
Aug 12, 2017 · Information Security

123 Essential Python Tools for Penetration Testing and Security Research

This article compiles a comprehensive list of 123 Python-based penetration testing tools, covering network utilities, debugging and reverse‑engineering frameworks, fuzzing platforms, web testing kits, forensic analysis utilities, malware analysis helpers, PDF inspection modules, miscellaneous libraries, recommended books, talks, and additional resources for security professionals.

Forensics, Python, fuzzing
17 min read

MaGe Linux Operations
Jun 25, 2017 · Information Security

How to Identify a Django-Powered Site During Black‑Box Penetration Testing

This guide outlines practical techniques—such as spotting Django's debug error pages, hidden CSRF tokens, default admin URLs, characteristic server headers, third‑party module fingerprints, and static admin assets—to reliably determine whether a target web application is built with Django during black‑box testing.

Django, Framework Detection, Web Application Security
5 min read

dbaplus Community
Apr 4, 2017 · Information Security

Mastering Database Injection: Real‑World Attacks, Tools, and Defense Strategies

This comprehensive guide explains why database injection remains a critical security threat, illustrates real‑world attack techniques and toolchains, and provides layered defensive measures—from secure coding and DB‑proxy solutions to web‑server filtering, WAF deployment, and log‑analysis pipelines.

Database Security, Defense Strategies, SQL injection
24 min read

ITPUB
Mar 20, 2017 · Information Security

Essential Web Penetration Testing Q&A: From Recon to Exploit Techniques

This article compiles 42 practical questions and answers covering information gathering, vulnerability identification, exploitation tactics, and remediation advice for web applications, databases, servers, and common security mechanisms, providing a concise reference for penetration testers and security engineers.

CMS Enumeration, SQL injection, Server Exploitation
17 min read

360 Quality & Efficiency
Aug 29, 2016 · Information Security

Android Security Testing Guide

This guide explains how to use APKTool to decompile Android apps, inspect the AndroidManifest.xml for exposed components, and employ the Drozer framework to enumerate packages, assess component exposure, detect content provider leaks, SQL injection, file traversal, and service vulnerabilities.

APKTool, Android, Drozer
5 min read

360 Quality & Efficiency
May 9, 2016 · Information Security

Comprehensive Guide to Security Testing: Methods, Tools, and Best Practices

This article provides an in‑depth overview of security testing, covering its definition, lifecycle, test types, a wide range of scanning and injection tools, practical checklists, evaluation metrics, and recommendations for integrating security assessments throughout the software development process.

information security, network security, penetration testing
20 min read

ITPUB
Feb 17, 2016 · Information Security

Top 10 Linux Security Distributions for Privacy and Penetration Testing

Discover the ten best Linux security‑focused distributions, each designed to protect privacy, enable anonymous browsing, and provide powerful tools for network and system security testing, with concise overviews of their origins, features, and installation options.

Linux, distributions, penetration testing
7 min read

Architect
Nov 26, 2015 · Information Security

Analysis of Password Structures and Patterns in Web Penetration Testing

This article examines how manually assigned passwords in web services exhibit predictable structures—prefixes, keywords, separators, and suffixes—by analyzing millions of leaked Gmail passwords and other data, and categorizes the patterns to aid security assessments.

information security, keyword extraction, password analysis
9 min read

Art of Distributed System Architecture Design
Jul 16, 2015 · Information Security

Beyond GET/POST: Testing HTTP Headers and Cookies for SQL Injection

This article examines how web vulnerability scanners handle non‑traditional input vectors such as HTTP headers and cookies, demonstrates manual exploitation techniques for header‑based SQL injection, compares scanner coverage and accuracy, and offers practical guidance for developers and penetration testers.

SQL injection, SQLMap, Web Security
14 min read