There may be times on a penetration test where you run into a locked down environment and you can’t use cmd.exe This is done in a few different ways. Via the registry: REG add HKCU\Software\Policies\Microsoft\Windows\System /v DisableCMD /t REG_DWORD /d 1 /f Or, like the screenshot, set via the GUI: Start -> Run -> gpedit.msc [...]
Lately I’ve been doing more posts on less technical topics relating to the semantics of pentesting. The reason for this is because lately I’ve had the opportunity to be surrounded by (and communicating with) brilliant testers and have been surprised by the ideas I’ve come up with as a result. I’ve learned to refine my [...]
SaaS Penetration Testing is a model i can’t get behind, but that doesn’t mean that the people behind the product don’t have good ideas. A few days ago this company provided a pretty decent guideline article on testing flash applications called “A Lazy Pen Tester’s Guide to Testing Flash Applications“ It outlines the general categories [...]
Also featured on Ethicalhacker.net: Nmap is indispensable. OK, that was obvious. There is no doubt that Fyodor and contributors have made the de-facto standard of network scanners, but when it comes down to learning the ins and outs and the power of Nmap, where should you put your hard earned cash? Let’s neglect the support [...]
Welcome to Security Aegis Se·cu·ri·ty –noun 1.freedom from danger, risk, etc.; safety.2.freedom from care, anxiety, or doubt; well-founded confidence.3.something that secures or makes safe; protection; defense. Ae·gis –noun 1. Classical Mythology. the shield or breastplate of Zeus or Athena, bearing at its center the head of the Gorgon.2. Protection; support: under the imperial aegis.3. Guidance, [...]