This post includes a list of public resources (e.g., databases) for vulnerability research. It also features some well-known sites that are no longer available. Exploit Database (Exploit DB) is an archive of exploits for the purpose of public security, and it…
This post summarizes some enumeration tools for lightweight directory access protocol (LDAP). To read more about LDAP and Directory Services, please read this post. List of LDAP Enumeration Tools LDAP Enumeration Tools: Softerra LDAP Administrator LDAP Admin Tool LDAP…
List of network scanning tools: Most common are nmap, hping3, NetScanTools Pro and Advanced Port Scanner. List of network scanning tools nmap hping3 NetScanTools Pro Advanced Port Scanner SuperScan PRTG Network Monitor OmniPeek MiTeC Network…
Some NetBIOS Enumeration tools: nbtstat (Windows) hyena Nsauditor Network Security Auditor NetScanTools Pro SoftPerfect Network Scanner SuperScan NetBIOS Enumerator Nbtscan (Linux) nmblookup (Linux) IP Tools MegaPing Two of the most popular are nbstat (Windows) and hyena. List of NetBIOS Enumeration…
This post summarizes commonly used TCP and UDP ports. The total number of ports for both TCP and UDP is what can be numbered with 16-digit binary number, it means, 65,536 ports, numbered from 0 to 65,535. Default TCP and…
Smurf attack, also known as ICMP Echo Request, is a distributed reflection denial of service (DRDoS). Othe examples of DRDoS are DNS poisoning and fraggle attack. Description of smurf attack Smurf attack is performed as follows: How to prevent smurf…
Netcraft Sublist3r Python script Example of use: sublist3r -d example.com -p 80 External references CEH v10: Module 2 Footprinting
This post features different types of clouds. This post is part of the introduction to cloud computing. Virtual Private Cloud (VPC) Featured Cloud Deployment Models Cloud Deployment Models: Private Cloud: A private cloud, also known as internal or corporate cloud,…
Security Testing Methodologies: List of Security Testing Methodologies Open Web Application Security Project (OWASP) Open Web Application Security Project (OWASP) is the Open Web Application Security Project, which is an open-source application security project that assists the organizations to purchase,…
Types of Security Controls: Preventive: Prevent security violations and enforce various access control mechanisms. Detective: Detect security violations. Corrective or recovery: Used to restore systems. Deterrent: Used to discourage. Compensating: Used as an alternative control when the intended controls failed.…