Jan
26
In the continuation of our Pentesting 101 series we dive deeper into fingerprinting. During the remainder of this series, we will display nmap screenshots. We recommend reading the command line switches here to familiarize yourself with the information before the next section of the article is released. It’s worth it to take a moment to read the command line switches on this page to familiarize yourself with the upcoming set of screenshots. Read More
Jan
05
Google and file searches on a website are good ways to accomplish manual Human OSINT. However, most penetration testers like automation. There is a tool called “Maltego” that automates many of the search processes one would use on multiple search engines and social media platforms. Maltego is an application that has many plugins that interface with APIs of various internet databases. Some of these databases are ones that previous articles have mentioned like shodan.io. These APIs can be... Read More
Dec
22
One of the most comprehensive ways to gather Technical OSINT on a penetration testing target is to use a search engine called “Shodan.” Shodan isn’t a normal search engine like Google or DuckDuckGo. What Shodan does is scan the internet for devices.  Read More
Dec
15
IT teams that access dark forums for cyber security intelligence are urged to use caution and practice transparency. While dark markets and the dark web can provide valuable information for cyber security professionals, organizations and individuals need to follow laws and regulations and maintain open lines of communication with law enforcement to avoid major investigative scrutiny. That’s what the DOJ is saying in a recently published report outlining the intricacies of accessing the Dark... Read More
Dec
07
This is a new series of articles that will cover the complete penetration testing methodology based largely on case studies of previous hacks. These articles will cover initial reconnaissance, picking an attack vector, gaining a foothold, maintaining presence, lateral movement, and finally going after the prize. A guide to Open Source Intelligence One of the main case studies these articles will borrow from is the APT1 report published by Mandiant in 2013. Though the report focuses on a... Read More
Dec
01
Phishing attacks have been a nuisance for the IT industry for a long time. As the holiday season approaches, organizations must focus their efforts on raising cyber security awareness to counter the effects of social engineering. Every day, cyber criminals find new ways to cheat individuals and businesses online. Whether it’s credential theft, ransomware or corporate espionage, new technologies make it increasingly easy for cyber criminals to disrupt our daily lives. Phishing continues to do... Read More
Nov
20
Red team tactics are at the heart of cyber security with organizations around the world offering rewarding, high-salary careers to ethical hackers who understand the importance of penetration testing. No matter where you’re at in your InfoSec journey, there’s an INE cyber security learning path for you. Here’s a look at our red team training, all included with your Cyber Security subscription. Read More
Nov
19
What is Malware Analysis? Malware analysis is the art of dissecting malicious software with the objective of answering three core questions: Read More
Nov
04
HONEST Security’s Amber Holcomb discusses innovations in Internet of Things connected devices and how to keep IoT safe from cyber criminals. Amber Holcomb is Director of Operations at HONEST Security. She is passionate about encouraging and supporting young women in STEM and empowering women in the tech industry.  Read More
Oct
22
Today’s breaches continue to start with compromised email accounts, with monetary gain remaining the top motivation for stealing login credentials. Typically, these are opportunistic attacks, a sort of spray and pray tactic. According to ProofPoint’s report Human Factor 2019, 25% of phishing emails in 2018 were generic credential harvesting. Phishing is the number one attack vector, mainly because social engineering is still a wildly successful way to compromise users because so many people... Read More

Subscribe to INE Blog Updates

New Blog Posts!