Category: Software Topics

PenTest Edition: Capture Images That Network Users Are Looking at Using Driftnet and WebSploit

WebSploit is an advanced MitM framework of penetration testing tools used to assess wired/wireless network security, web vulnerabilities, and exploitation techniques. This demonstration uses the network/mitm module to set up a Man-in-the-Middle (MitM) attack between the target and the gateway in addition to using Driftnet to steal any unencrypted (and possibly encrypted) images that the ...

Over 3,000 iOS and Android Apps Leak 100 Million User Sensitive Records via Misconfigured Firebase Backends

When building an app that needs to store and share data from a server, software developers can rely on Google's Firebase Realtime cloud-hosted database. This Infrastructure as a Service (IaaS) removes serious time constraints by providing app developers with maintenance and support, offline support, and real-time synchronization of data with clients in real-time. And, since ...

PenTest Edition: Cracking Wi-Fi Passwords with Aircrack-ng

Aircrack-ng is a suite of wireless penetration testing tools used to assess the security of Wi-Fi networks, specifically through various monitoring, attacking, testing, and cracking methods that you'll learn here. Aircrack-ng is compatible with various IEEE 802.11 standards, which is great, but it will only work if you're wireless NIC supports "monitor" mode. If you ...

Scan Your Home Network for Vulnerabilities Using Nessus

Nessus is a proprietary vulnerability scanner created by Tenable, Inc. It is free to home users for personal use (Nessus Home), but requires a license for commercial use (Nessus Professional). Obviously, the commercial version comes with more features, but this does not in any way degrade the effectiveness of Nessus Home. With Nessus Home, users ...

PenTest Edition: Wireshark

Wireshark is a GUI, cross-platform, open-source protocol and packet analyzer available for Microsoft Windows, Linux, Mac OS, BSD, Solaris, and some other Unix-like operating systems. As a packet analyzer, Wireshark's functionality includes network troubleshooting, packet capture analysis, real-time network traffic observation, examining security problems, protocol implementation debugging, and reconnaissance. If you're already familiar with tcpdump or ...