maldevel

Open Source Intelligence on DNS records – ASN

During a Red Teaming engagement you have to map the external perimeter of the organization. There are several ways to accomplish this. Each of these…

Posted by maldevel18/09/2021

asn, asset-discovery, dns, osint, peers, redteaming, shadow-it

Tunnel all http/https traffic through ssh

During an Internal Penetration Testing Engagement that is being conducted remotely through a VPN connection, your best option is to setup a e.g. Kali Linux…

Posted by maldevel10/09/2020

dns, http, https, implant, leaks, pivoting, ssh, traffic, tunnel, vpn, webrtc

Protect critical information with encrypted file containers

Do you have sensitive or critical information and/or customer data on your computer that you need to protect for prolonged periods from physical attacks and…

Posted by maldevel18/07/2020

container, cryptsetup, data, dm-crypt, encryption, linux, luks, privacy, protection, sensitive

Find metadata and hidden information in documents

During an Open Source Intelligence (OSINT) investigation, having the right tool for the right job is essential. The success of an OSINT investigation project might…

Posted by maldevel04/05/2020

analysis, exif, fingerprinting, footprinting, gathering, information, investigation, metadata, osint, reconnaissance

Perform automated network reconnaissance scans

Almost every Internal and External network security assessment engagement requires a network, system and services footprinting, to gather as much information as possible about the…

Posted by maldevel12/04/2020

assessment, automation, footprinting, gather, gathering, information, intelligence, network, open-source, penetration, reconnaissance, security, testing, tool

Perform DOS Attack on VOIP Network

Most of the security assessment engagements performed in a production environment, explicitly prohibit the use of any tools and/or methods that would cause a Denial-Of-Service(DoS)…

Posted by maldevel12/03/2020

assessment, call, center, denial-of-service, dos, flood, invite, inviteflood, penetration, rtp, sdp, security, sip, srtp, testing, voip

Replay captured UDP traffic

There are a number of situations where an engagement will demand testing the communication between two or more services, applications and/or clients. This will require…

Posted by maldevel01/03/2020

captured, packets, penetration, replay, sniffing, testing, udp, udpreplay, wireshark

Web Application Penetration Testing – Part 4

This blog post series will be covering the topic of performing Web Application Penetration Tests. Web Application Penetration Testing Part 1 and Part 2 focused…

Posted by maldevel25/02/2020

application, assessment, guide, penetration, security, testing, tutorial, web

Web Application Penetration Testing – Part 3

This blog post series will be covering the topic of performing Web Application Penetration Tests. Web Application Penetration Testing Part 1 and Part 2 focused…

Posted by maldevel02/01/2020

application, assessment, guide, penetration, security, testing, training, tutorial, web

Web Application Penetration Testing – Part 2

This blog post series will be covering the topic of performing Web Application Penetration Tests. In part one of this series, we focused on gathering…

Posted by maldevel19/12/2019

application, assessment, guide, penetration, security, testing, training, tutorial, web