Nov 1, 2018 | Penetration Testing
By: Eric Kobelski As a software developer turned security engineer, I continue to follow current development technologies, as it makes me more of an effective tester. One of the articles that I was reading contained an interview with one of the applications developers...
Sep 11, 2018 | Information Security, Penetration Testing
Rewrite: Justin Fimlaid Original Author: Hunter Gregal Cross-site scripting, or otherwise known as XSS, is the most common web application vulnerability on the internet. I have found this to be true through both data research and personal experience during penetration...
Aug 17, 2018 | Penetration Testing
By: Randy Duprey What is Red Teaming? Red teaming in general can be defined as a goal-based adversarial testing process. The concept has existed since the sixth Century BCE when the ancient military genius Sun Tzu stated that “…one who knows the enemy and knows...
Jul 18, 2018 | Penetration Testing
By: Eric Kobelski, Security Engineer One question that we get consistently is “What exactly is a web application penetration test?”. There are some companies that will run a vulnerability scanner against your application and call that a penetration test, but this is...
Jul 2, 2018 | Penetration Testing
By: Eric Kobelski, Security Engineer Updated on: 06/28/2018 Burp’s Collaborator is a useful tool to assist with web application (webapp) penetration and security testing; particularly when malicious payloads are injected and then exercised by a vulnerable system. When...
![NullByte: 1 [Walkthrough]](https://www.nuharborsecurity.com/wp-content/uploads/2018/05/NullByte-Walkthrough-1024x675.jpg)
May 31, 2018 | Penetration Testing
Originally Written By: Hunter Gregal Updated By: Justin Fimlaid It’s that time again; to practice our penetration testing skills and tactics! NullByte: 1 is another root-the-box type challenge that can be found on http://vulnhub.com. Like other challenges on the...
Dec 29, 2015 | Information Security, Penetration Testing
By: Hunter Gregal A key component of any enterprise network will often be a functional webserver with PHP compatibility and a database back-end. On a Linux server, a common setup is to use Apache HTTP Server as the primary webserver. Combining the Apache HTTP Server...
Dec 29, 2015 | Information Security, Penetration Testing
By: Hunter Gregal So you have an Apache2 webserver completely configured and installed on an Ubuntu/Debian machine. Perhaps you are using a MySQL backend along with PHP support (How To Install LAMP Server On Ubuntu ). But what happens when malicious attackers or bots...
Aug 6, 2015 | Information Security, Penetration Testing
Application Security Testing Tutorial via Rooting Hackademics RTB1 Author: Hunter Gregal Hackademic Root The Box 1 is a vulnerable virtual machine that can be found on vulnhub.com. The goal is to exploit the machine and read the key.txt file in the root home...
