penetration testing

Orbit: Open-source Nuclei security scanning and automation platform

2025-02-17 at 07:50, By Mirko Zorz

Orbit is an open-source platform built to streamline large-scale Nuclei scans, enabling teams to manage, analyze, and collaborate on security findings. It features a SvelteKit-based web frontend and a Go-powered backend, with Terraform and Ansible handling infrastructure and automation. “I built […]

SysReptor: Open-source penetration testing reporting platform

2025-02-12 at 07:05, By Mirko Zorz

SysReptor is a customizable open-source penetration testing reporting platform built for pentesters, red teamers, and cybersecurity professionals. You can optimize your workflow by simplifying, automating, and personalizing your reports. “SysReptor is an easy-to-use tool for pentesters and simplifies pentest reporting. Reports are designed

Penetration Testing ROI: How to Convince Leadership to Invest in Cybersecurity

2025-02-05 at 23:06

While Chief Information Security Officers (CISOs) know how crucial a consistent enterprise penetration testing program is to their cybersecurity program, convincing their fellow leaders and board members to invest in pen testing amid other budget demands can be challenging. This

BadDNS: Open-source tool checks for subdomain takeovers

2025-02-03 at 07:03, By Mirko Zorz

BadDNS is an open-source Python DNS auditing tool designed to detect domain and subdomain takeovers of all types.

BadDNS modules

cname – Check for dangling CNAME records and interrogate them for subdomain takeover opportunities
ns – Check for dangling NS records and

Stratoshark: Wireshark for the cloud – now available!

2025-01-22 at 20:33, By Help Net Security

Stratoshark is an innovative open-source tool that brings Wireshark’s detailed network visibility to the cloud, providing users with a standardized approach to cloud observability. Stratoshark incorporates much of Wireshark’s codebase, including its user interface elements. The interface and workflows will

MSSqlPwner: Open-source tool for pentesting MSSQL servers

2025-01-17 at 07:48, By Help Net Security

MSSqlPwner is an open-source pentesting tool tailored to interact with and exploit MSSQL servers. Built on Impacket, it enables users to authenticate with databases using various credentials, including clear-text passwords, NTLM hashes, and Kerberos tickets. The tool offers multiple methods for

Why Vulnerability Scanning Alone Isn’t Enough: The Case for Penetration Testing

2025-01-10 at 16:11, By Grayson Lenik

Organizations today face a rapidly evolving threat landscape, and as they plan their cybersecurity strategy and budgets, many may struggle with a key question: If I’m conducting regular vulnerability scans, and patching the vulnerabilities I identify, do I

Scaling penetration testing through smart automation

2025-01-08 at 07:06, By Mirko Zorz

In this Help Net Security interview, Marko Simeonov, CEO of Plainsea, discusses how organizations can move beyond compliance-driven penetration testing toward a more strategic, risk-based approach. He explains how automation, human expertise, and continuous monitoring can transform penetration testing into a dynamic, business-critical

Why Companies Need to Extend Penetration Testing to OT Environments

2025-01-02 at 20:08, By Allen Numerick

As companies continue to integrate their operational technology (OT) and IT environments, they’re coming to grips with the fact that this move opens them up to new avenues for cyber threats. This article is an excerpt from Trustwave Blog

Evilginx: Open-source man-in-the-middle attack framework

2024-12-23 at 07:37, By Mirko Zorz

Evilginx is an open-source man-in-the-middle attack framework designed to phish login credentials and session cookies, enabling attackers to bypass 2FA safeguards. “Back in 2017, I was experimenting with extracting cookies from one browser and importing them into another. I realized this technique could effectively

Kali Linux 2024.4 released! 14 new shiny tools added

2024-12-17 at 11:15, By Help Net Security

Kali Linux 2024.4 includes a broad set of updates and changes. The summary of the changelog since the 2024.3 release from September:

Python 3.12 – New default Python version (Au revoir pip, hello pipx).
The end of the i386

Overcoming legal and organizational challenges in ethical hacking

2024-11-25 at 07:33, By Mirko Zorz

In this Help Net Security interview, Balázs Pózner, CEO at Hackrate, discusses the essential technical skills for ethical hackers and how they vary across different security domains. He explains how AI and machine learning enhance ethical hacking by streamlining vulnerability detection

Upping An Offensive Security Game Plan with Pen Testing as a Service

2024-11-22 at 16:16, By Ed Williams

While most security professionals recognize the value of penetration testing, they too often conduct pen tests only sporadically – maybe quarterly at best. Pen Testing as a Service (PTaaS) is a way to change that equation, enabling companies to conduct

Product showcase: Augmenting penetration testing with Plainsea

2024-11-21 at 08:03, By Help Net Security

Human-led penetration testing is an essential practice for any organization seeking to proactively address potential attack vectors. However, this indispensable pentesting method is often limited by several factors: high resource demands, project time constraints, dispersed communication, and lack of continuous visibility

Argus: Open-source information gathering toolkit

2024-10-23 at 07:33, By Help Net Security

Argus is an open-source toolkit that simplifies information gathering and reconnaissance. It features a user-friendly interface and a collection of powerful modules, enabling the exploration of networks, web applications, and security configurations. Argus offers a collection of tools categorized into three main areas:

Cybersecurity Awareness Month: The Great Offensive Security/Active Defense Strategy

2024-10-21 at 21:48

It’s Cybersecurity Awareness Month and you know what that means. We spend every spare hour waiting for The Great Pumpkin. This article is an excerpt from Trustwave Blog

Ransomware Readiness: 10 Steps Every Organization Must Take

2024-10-18 at 18:31

At the end of every year, the Trustwave content team asks its in-house experts what cybersecurity topics they predict will be top of mind in the coming 12 months, and inevitably the top answer is more ransomware. This article is an excerpt from

Spotting AI-generated scams: Red flags to watch for

2024-10-03 at 07:32, By Mirko Zorz

In this Help Net Security interview, Andrius Popovas, Chief Risk Officer at Mano Bank, discusses the most prevalent AI-driven fraud schemes, such as phishing attacks and deepfakes. He explains how AI manipulates videos and audio to deceive victims and highlights key

Trustwave’s 7-Step Guide to Building a Healthcare-Focused Cybersecurity Framework

2024-10-02 at 17:01

Healthcare organizations face increasing challenges in safeguarding patient data. This article is an excerpt from Trustwave Blog

Suricata: Open-source network analysis and threat detection

2024-10-02 at 07:31, By Help Net Security

Suricata is an open-source network intrusion detection system (IDS), intrusion prevention system (IPS), and network security monitoring engine.

Suricata features

Suricata offers comprehensive capabilities for network security monitoring (NSM), including logging HTTP requests, capturing and storing TLS certificates, and extracting files
