Jul
14
In our last blog post, we identified the first three tools Pentesters need to know, which include various social media platforms for information gathering as well as Nmap and FPing for host / port scanning. In part two, we will continue to take a look at a few other key tools needed and when they should be used. Read More
May
11
We concluded part one of the pentesting callback blog series with a bit of a cliffhanger! The console was hung on the victim machine and if the victim were to kill the process or close the window, the reverse shell had the potential to be killed as well.  Read More
Apr
06
Hisomeru's Pentesting 101 article series continues with a look at different callback techniques as well as simple SSH tunneling. INTRODUCTION Read More
Feb
25
  As a continuation of INE's Cyber Security Week and Hisomeru's Pentesting 101 series we cover social engineering and how your team can prevent dangerous and costly attacks.  Read More
Feb
02
In the conclusion of the Fingerprinting section of our Pentesting 101 series we cover hiding while fingerprinting. Need to catch up? Check out our entire Pentesting 101 series here.  Read More
Jan
26
In the continuation of our Pentesting 101 series we dive deeper into fingerprinting. During the remainder of this series, we will display nmap screenshots. We recommend reading the command line switches here to familiarize yourself with the information before the next section of the article is released. It’s worth it to take a moment to read the command line switches on this page to familiarize yourself with the upcoming set of screenshots. Read More
Jan
12
So far in the introduction to penetration testing series of articles, we have covered non-intrusive ways of gathering intelligence on a target network. Using Technical and Human OSINT helped create a picture of the target network that is subject to a penetration test through unobtrusive means. If you’re just joining us in this series, we define Technical OSINT as gathering technical data on a target network through tools and web searches. Human OSINT is gathering data on the human aspect of the... Read More
Jan
05
Google and file searches on a website are good ways to accomplish manual Human OSINT. However, most penetration testers like automation. There is a tool called “Maltego” that automates many of the search processes one would use on multiple search engines and social media platforms. Maltego is an application that has many plugins that interface with APIs of various internet databases. Some of these databases are ones that previous articles have mentioned like shodan.io. These APIs can be... Read More
Dec
29
When gathering initial information, penetration testers need to focus on an organization’s human element. In the last article, we covered the technical aspects of Open Source Intelligence or OSINT. OSINT traditionally comes in two different forms, Technical and Human. For penetration tests, it is equally important to know the human aspect of the target network just as well as knowing the technical aspects. Read More
Dec
22
One of the most comprehensive ways to gather Technical OSINT on a penetration testing target is to use a search engine called “Shodan.” Shodan isn’t a normal search engine like Google or DuckDuckGo. What Shodan does is scan the internet for devices.  Read More

Subscribe to INE Blog Updates

New Blog Posts!