Rapid7 Nexpose is a vulnerability scanner which aims to support the entire vulnerability management lifecycle, including discovery, detection, verification, risk classification, impact analysis, reporting and mitigation. RAPID7 plays a very important and effective role in the penetration testing, and most pentesters use RAPID7. This paragraph is abbreviated from www.rapid7.com The following figure shows some of [...]
A kind of penetration testing aid is the Metasploit Project. This open-source framework allows testing via command line alterations or GUI. The Metasploit Framework is a Ruby-based, modular penetration testing platform that enables a pentester (hacker) to writes, tests, and executes exploit code. In other words, the Metasploit framework is a very powerful tool which can [...]
Zero-day is a flaw in software, hardware or firmware that it has the potential to be exploited by cybercriminals. In other words, zero-day is a vulnerability in a system or device that has been disclosed but is not yet patched. A zero day exploit is a cyber-attack that occurs on the same day a weakness [...]
A penetration test (pen test or pentest and or ethical hacking) is a simulated cyber-attack against a computer system to check for exploitable vulnerabilities. You should not be confused it with a vulnerability assessment. Source: en.wikipedia.org In fact, this test simulates a real-world attack to determine how any defenses will fare and the possible magnitude [...]
In this post, we'll take a look at ManageEngine ADAudit to help you understand the different aspects of this network product. You can use ManageEngine ADAudit to ensure critical resources in the network like the Domain Controllers are audited, monitored and reported with the entire information on AD objects (like Users, Groups, GPOs, Computers, OUs, etc.). [...]
A broadcast storm is also known as a network storm. It is an abnormally high number of broadcast packets within a short period of time. The broadcast storm is one of the major deficiencies in computer network systems and it can shut down entire network in seconds. When different nodes are sending/broadcasting data over a [...]
Wireshark is a network packet analyzer. This software one of the best packet analyzers available today and is available for free, and it is open source. This software, formerly known as Ethereal but the project was renamed Wireshark in May 2006 due to trademark issues. Sources: wireshark.org and en.wikipedia.org Wireshark is cross-platform and it runs [...]
In this post, we'll take a look at SSL protocol and TLS protocol to help you understand the different aspects of these protocols. One of the most important topics in Cyber-security course is web secure. What’s SSL? SSL (Secure Sockets Layer) is a protocol for establishing authenticated and encrypted links between networked computers. [...]
Remote Authentication Dial-In User Service (RADIUS) is a networking protocol, operating on ports UDP 1645 and UDP 1812 that provides centralized AAA (Authentication, Authorization, and Accounting) management for users who connect and use a NAS (network access server such as VPN concentrator, router, switch). This protocol is a client/server protocol and software that enables remote [...]