penetration testing

Quicmap: Fast, open-source QUIC protocol scanner

Don't miss, GitHub, networking, News, open source, penetration testing, scanning, software /

Quicmap: Fast, open-source QUIC protocol scanner 2024-03-18 at 12:01 By Mirko Zorz Quicmap is a fast, open-source QUIC service scanner that streamlines the process by eliminating multiple tool requirements. It effectively identifies QUIC services, the protocol version, and the supported ALPNs. “As I started researching the QUIC protocol, I noticed that my favorite scanner had […]

React to this headline:

Loading spinner

Quicmap: Fast, open-source QUIC protocol scanner Read More »

What organizations need to know about the Digital Operational Resilience Act (DORA)

auditing, Compliance, cybersecurity, Don't miss, EU, Features, Hot stuff, Kyndryl, News, opinion, penetration testing, regulation, resilience, Risk Management /

What organizations need to know about the Digital Operational Resilience Act (DORA) 2024-03-05 at 06:31 By Mirko Zorz In this Help Net Security interview, Kris Lovejoy, Global Security and Resilience Leader at Kyndryl, discusses the impact of the Digital Operational Resilience Act (DORA) on organizations across the EU, particularly in ICT risk management and cybersecurity.

React to this headline:

Loading spinner

What organizations need to know about the Digital Operational Resilience Act (DORA) Read More »

Kali Linux 2024.1 released: New tools, new look, new Kali Nethunter kernels

Don't miss, Hot stuff, Kali Linux, News, OffSec, penetration testing /

Kali Linux 2024.1 released: New tools, new look, new Kali Nethunter kernels 2024-02-29 at 12:35 By Zeljka Zorz OffSec has released Kali Linux 2024.1, the latest version of its popular penetration testing and digital forensics platform. The new version comes with new tools, a fresh look (themes, wallpapers and icons for Kali and Kali Purple),

React to this headline:

Loading spinner

Kali Linux 2024.1 released: New tools, new look, new Kali Nethunter kernels Read More »

BobTheSmuggler: Open-source tool for undetectable payload delivery

cybersecurity, Don't miss, GitHub, Hot stuff, News, open source, penetration testing, software /

BobTheSmuggler: Open-source tool for undetectable payload delivery 2024-02-29 at 08:03 By Mirko Zorz BobTheSmuggler is an open-source tool designed to easily compress, encrypt, and securely transport your payload. It basically enables you to hide a payload in plain sight. BobTheSmuggler is helpful in phishing campaign assessments, data exfiltration exercises, and assumed breach scenarios. Features Hiding

React to this headline:

Loading spinner

BobTheSmuggler: Open-source tool for undetectable payload delivery Read More »

Web Check: Open-source intelligence for any website

cybersecurity, Don't miss, GitHub, Hot stuff, News, open source, OSINT, penetration testing, web analytics, web technologies /

Web Check: Open-source intelligence for any website 2024-02-26 at 08:02 By Mirko Zorz Web Check offers thorough open-source intelligence and enables users to understand a website’s infrastructure and security posture, equipping them with the knowledge to understand, optimize, and secure their online presence. Unlike similar services, Web Check is free. There’s no signup, tracking, logging,

React to this headline:

Loading spinner

Web Check: Open-source intelligence for any website Read More »

How purple teaming enhances inter-team collaboration and effectiveness in cybersecurity

AttackIQ, collaboration, cybersecurity, Don't miss, Hot stuff, penetration testing, red team, security controls, Video /

How purple teaming enhances inter-team collaboration and effectiveness in cybersecurity 2024-02-13 at 07:01 By Help Net Security In this Help Net Security video, Andrew Costis, Chapter Lead of the Adversary Research Team at AttackIQ, discusses how purple teaming allows security teams to break down barriers between teams and increase operational effectiveness. It’s no longer about

React to this headline:

Loading spinner

How purple teaming enhances inter-team collaboration and effectiveness in cybersecurity Read More »

Faction: Open-source pentesting report generation and collaboration framework

Don't miss, GitHub, News, open source, penetration testing, report, software /

Faction: Open-source pentesting report generation and collaboration framework 2024-01-30 at 07:31 By Mirko Zorz Faction is an open-source solution that enables pentesting report generation and assessment collaboration. Josh Summitt, the creator of Faction, has always disliked the process of writing reports, preferring to focus on uncovering bugs. A key frustration for him was the redundant

React to this headline:

Loading spinner

Faction: Open-source pentesting report generation and collaboration framework Read More »

CloudFoxable: Open-source AWS penetration testing playground

AWS, Bishop Fox, cybersecurity, News, penetration testing, research, skill development, software /

CloudFoxable: Open-source AWS penetration testing playground 2024-01-22 at 07:02 By Mirko Zorz CloudFoxable is a capture-the-flag (CTF) style learning platform you can deploy to your playground AWS account. It primarily targets current penetration testers seeking to learn exploitation of cloud-native attack paths, and cloud security experts aiming to practice offensive security techniques safely. “What makes

React to this headline:

Loading spinner

CloudFoxable: Open-source AWS penetration testing playground Read More »

Purple teaming and the role of threat categorization

cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, News, opinion, penetration testing, red team, SpecterOps, threats /

Purple teaming and the role of threat categorization 2024-01-11 at 07:31 By Help Net Security Organizations constantly work to ensure optimal threat detection and prevention across their systems. One question gets asked repeatedly: “Can we detect the threats we’re supposed to be able to detect?” Red team assessment, penetration testing, and even purple team assessments

React to this headline:

Loading spinner

Purple teaming and the role of threat categorization Read More »

Embracing offensive cybersecurity tactics for defense against dynamic threats

bug bounty, cloud computing, cybersecurity, Don't miss, Features, Hot stuff, opinion, penetration testing, red team, regulation, SIX, strategy, Threat Intelligence /

Embracing offensive cybersecurity tactics for defense against dynamic threats 2024-01-11 at 07:02 By Mirko Zorz In this Help Net Security, Alexander Hagenah, Head of Cyber Controls at SIX, discusses the critical steps in creating effective offensive security operations and their impact on organizational security strategies. What are the critical steps in creating effective offensive security

React to this headline:

Loading spinner

Embracing offensive cybersecurity tactics for defense against dynamic threats Read More »

Product showcase: ImmuniWeb AI Platform

Artificial Intelligence, cybersecurity, ImmuniWeb, News, penetration testing, Product showcase, software /

Product showcase: ImmuniWeb AI Platform 20/12/2023 at 08:31 By Help Net Security ImmuniWeb is a global application security company that currently serves over 1,000 customers from more than 50 countries. ImmuniWeb AI Platform has received numerous prestigious awards and industry recognitions for intelligent automation and acceleration of application security testing, which delivers better quality of

React to this headline:

Loading spinner

Product showcase: ImmuniWeb AI Platform Read More »

EMBA: Open-source security analyzer for embedded devices

cybersecurity, Don't miss, embedded systems, GitHub, News, open source, penetration testing, software /

EMBA: Open-source security analyzer for embedded devices 19/12/2023 at 08:02 By Mirko Zorz The EMBA open-source security analyzer is tailored as the central firmware analysis tool for penetration testers and product security groups. It assists throughout the security evaluation procedure, extracting firmware, conducting static and dynamic analysis through emulation, and creating a web-based report. EMBA

React to this headline:

Loading spinner

EMBA: Open-source security analyzer for embedded devices Read More »

CISA Flags Gaps in Healthcare Org’s Security Posture, Issues Security Guidance

CISA, healthcare, Network Security, penetration testing, Vulnerabilities /

CISA Flags Gaps in Healthcare Org’s Security Posture, Issues Security Guidance 18/12/2023 at 18:16 By Ionut Arghire The US cybersecurity agency CISA issues cybersecurity recommendations for the healthcare and public health sector. The post CISA Flags Gaps in Healthcare Org’s Security Posture, Issues Security Guidance appeared first on SecurityWeek. This article is an excerpt from

React to this headline:

Loading spinner

CISA Flags Gaps in Healthcare Org’s Security Posture, Issues Security Guidance Read More »

5 open-source tools for pentesting Kubernetes you should check out

Don't miss, GitHub, Hot stuff, Kubernetes, News, open source, penetration testing, software /

5 open-source tools for pentesting Kubernetes you should check out 06/12/2023 at 08:02 By Help Net Security Kubernetes, often called K8s, is an open-source platform designed to automate the deployment, scaling, and operations of containerized applications. Kubernetes has become a critical part of the infrastructure for many organizations. However, with its widespread adoption, Kubernetes environments

React to this headline:

Loading spinner

5 open-source tools for pentesting Kubernetes you should check out Read More »

Kali Linux 2023.4 released: New tools, Kali for Raspberry Pi 5, and more!

Don't miss, Hot stuff, Kali Linux, Linux, News, OffSec, open source, penetration testing /

Kali Linux 2023.4 released: New tools, Kali for Raspberry Pi 5, and more! 05/12/2023 at 21:31 By Zeljka Zorz OffSec (previously Offensive Security) has released Kali Linux 2023.4, the latest version of its penetration testing and digital forensics platform. New tools in Kali Linux 2023.4 The list of tools freshly added to Kali Linux includes:

React to this headline:

Loading spinner

Kali Linux 2023.4 released: New tools, Kali for Raspberry Pi 5, and more! Read More »

SessionProbe: Open-source multi-threaded pentesting tool

Don't miss, GitHub, Hot stuff, News, open source, penetration testing, software /

SessionProbe: Open-source multi-threaded pentesting tool 05/12/2023 at 09:03 By Mirko Zorz SessionProbe is a multi-threaded pentesting tool designed to evaluate user privileges in web applications. It takes a user’s session token and checks for a list of URLs if access is possible, highlighting potential authorization issues. It deduplicates URL lists and provides real-time logging and

React to this headline:

Loading spinner

SessionProbe: Open-source multi-threaded pentesting tool Read More »

Organizations’ serious commitment to software risk management pays off

Application Security, cybercrime, cybersecurity, News, open source, penetration testing, report, software, survey, Synopsys, Vulnerabilities /

Organizations’ serious commitment to software risk management pays off 21/11/2023 at 07:32 By Industry News There has been a significant decrease in vulnerabilities found in target applications – from 97% in 2020 to 83% in 2022 – an encouraging sign that code reviews, automated testing and continuous integration are helping to reduce common programming errors,

React to this headline:

Loading spinner

Organizations’ serious commitment to software risk management pays off Read More »

GOAD: Vulnerable Active Directory environment for practicing attack techniques

Active Directory, cybersecurity, GitHub, Hot stuff, News, open source, penetration testing /

GOAD: Vulnerable Active Directory environment for practicing attack techniques 26/10/2023 at 07:01 By Mirko Zorz Game of Active Directory (GOAD) is a free pentesting lab. It provides a vulnerable Active Directory environment for pen testers to practice common attack methods. GOAD-Light: 3 vms, 1 forest, 2 domains “When the Zerologon vulnerability surfaced, it highlighted our

React to this headline:

Loading spinner

GOAD: Vulnerable Active Directory environment for practicing attack techniques Read More »

Unmasking the limitations of yearly penetration tests

Ambionics, communication, Compliance, cybersecurity, Don't miss, Features, Hot stuff, News, opinion, PCI DSS, penetration testing, risk assessment, shadow IT, Threat Intelligence, threats, vulnerability, web application /

Unmasking the limitations of yearly penetration tests 12/10/2023 at 07:31 By Mirko Zorz In this Help Net Security interview, Charles d’Hondt, Head of Operations, Ambionics Security, talks about the necessity of implementing continuous penetration testing because yearly ones are not enough. They leave blind spots and cannot match the security needs of regular releases and

React to this headline:

Loading spinner

Unmasking the limitations of yearly penetration tests Read More »

11 search engines for cybersecurity research you can use right now

cybersecurity, dark web, Don't miss, FullHunt, GreyNoise, Hot stuff, Intelligence X, Netlas, News, OffSec, ONYPHE, penetration testing, Shodan /

11 search engines for cybersecurity research you can use right now 29/08/2023 at 06:32 By Help Net Security Staying ahead in cybersecurity requires constant learning and adaptation. If you’re interested in cybersecurity research, explore the resources outlined below. DNSdumpster DNSdumpster is a free domain research tool that can discover hosts related to a domain. Finding

React to this headline:

Loading spinner

11 search engines for cybersecurity research you can use right now Read More »

Scroll to Top