Shaqjohari

Shaqjohari

Thursday, 16 May 2019 15:57

Social Engineering Penetration Testing

Social engineering penetration testing is the practice of attempting typical social engineering scams on a company’s employees to ascertain the organization's level of vulnerability to that type of exploit.

Social engineering pen testing is designed to test employees' adherence to the security policies and practices defined by management. Testing should provide a company with information about how easily an intruder could convince employees to break security rules or divulge or provide access to sensitive information. The company should also get a better understanding of how successful their security training is and how the organization stacks up, security-wise, in comparison to their peers.

Social engineering testing may be conducted as part of more comprehensive penetration tests (pen tests). Like ethical hacking methods, the tests themselves generally replicate the types of efforts that real-world intruders use.

Introduction

Virtualization packages are means for users to run various operating systems without "bare-metal" hardware - basically, you can run more than one operating system on a single computer without dual-booting or similar approaches. Virtualization software emulates a real machine and "fools" the guest operating system into thinking it's running on a real computer. Besides the more obvious advantages, virtual machines help create a greener and easier to administer computing environment. Looking at the trends in the IT industry, virtualization has seen quite a boom in the last few years, because it fits the concepts of utility computing and/or software as a service. Virtualization can be useful to you if you are an enterprise architect, developer, a home user or basically everything in between. We will begin with a short introduction about virtualization in general, then we will specifically treat VirtualBox and KVM as they seem to be most popular open source full virtualization solutions. You are expected to know your way around Linux systems, how to install a Linux distribution and how to install software on it, although we will show you how to install the two aforementioned virtualization packages on some of the popular Linux distributions.

There are two types of virtualization : one that can run the guest system as-is (as in, unmodified) and another that request a modified kernel on the guest's side in order to run. The first category is named full virtualization, because it emulates a complete hardware environment, the second is named paravirtualization , because it doesn't emulate hardware and hence needs special modifications at guest level, a good example of this type of virtualization being Xen. These are part of a bigger category named hardware virtualization, but there are also other (software, network or storage, amongst others) virtualization types, which we will not detail here. The two pieces of software we will talk about fit into the full virtualization category. Other popular hardware virtualization technologies include QEMU, Bochs, VMware, Parallels, HyperV or OpenVZ.

When is virtualization useful?
Linux distributions

The Linux world is full of interesting and tempting offers. There are over 600 (!) Linux distributions to choose from, which makes it hard for a person that only has one computer to try them all, or just a few even. LiveCDs aren't always helpful, so one may need to install in order to get the gist of it. Every Linux distribution release brings new and exciting features, and you may feel the thrill and the impulse to install and test it. Enter virtualization. You download the ISO, install the distro in a virtual environment and you're good to go, all in a short time. You don't like it, you delete it. Especially when you're kinda new to the Linux world and you might be confused by the big number of available distributions, this might just be what you need. Also, if you're a developer and need to run the development branch of your distro (think Fedora Rawhide or Debian Sid) but that is too unstable for everyday use, install in a VM and start developing.
Other operating systems

This extends to other operating systems you might need : maybe you have a propgram that runs only on Windows and you don't wanna install Windows just for that one program. Maybe you want to learn Solaris but lack the hardware. Provided you have the appropriate computer configuration that supports virtualization, now you can do it.
What you will need

 



Modern processors have special CPU instructions for hardware emulation. You can live without, but you really don't want to, since the host operating system will have to emulate the lacking virtualization instruction and this will slow down your guest(s) significantly. We presume your host OS has Linux installed and your CPU has the necessary virtualization capabilities. The most simple way to check if your CPU has what it takes, do

$ egrep ‘(vmx|svm)’ /proc/cpuinfo

and if that returns either vmx (Intel CPUs) or svm (AMD CPUs), you're good to go. But that of course isn't the only request on the hardware side. Check the web page of the system you want to install as guest to check if you meet its' hardware requirements. We recommend at least 20GB free in your home directory and a minimum of 2GB of memory on the host, so you can allocate a mean amount of 768MB to the guest for optimal performance. Of course, should you want to run multiple virtual machines (maybe in parallel), those requirements grow considerably.

KVM or VirtualBox?

KVM virtualization on linuxFirst of all, why would we offer you two virtualization packages? Why not one for all your needs? Well, we believe in the "right tool for the job" concept. KVM offers some features that VirtualBox does not and the other way around. There is no such thing in the IT world as a universal tool, so it's important to use something that fits your needs. The basic idea is : if you want to install a binary Linux distribution as a guest, use KVM. It's faster and its' drivers are included in the official kernel tree. If your guest involves lots of compiling and needs some more advanced features, and/or isn't a Linux system, better go with VirtualBox.

The technical reasons are quite simple : KVM is better integrated with Linux, it's smaller and faster, and while you can use it with other guests besides Linux, we found the experience to be quite troublesome : BSDs tend to have slow I/O and Solaris (OpenIndiana, to be exact) tends to panic immediately after booting the installation ISO. Since we use CURRENT versions of BSD (and compile/update the system from source often) and also need Solaris, we found VirtualBox to be a better option. virtualbox virtualization on linuxAnother plus for Oracle VirtualBox is the fact that it supports suspend, that is you can save the machine state on the host's hard disk and close VirtualBox and when (re)starting, the system will pick up from where it left. That is why we referred to source compilation : if you have a noisy machine you don't wanna leave on overnight but your Gentoo virtual machine just compiles a new gcc version, suspend the machine state, shut down the host and continue tomorrow.

Saturday, 23 March 2019 21:58

Penetration Testing with PowerShell Empire

Penetration Testing with PowerShell Empire teaches you how to harness the awesome power of Windows PowerShell to conduct modern enterprise computer attacks against high security networks. In this course, you will learn how to leverage all of PowerShell Empire's features and capabilities so that you can conduct realistic, high-value penetration tests in high security networks. If you're a pentester and you're not using Empire...you're doing it wrong! 

Saturday, 23 March 2019 21:16

What is Penetration Testing?

What is Penetration Testing?

Penetration testing is a type of security testing that is used to test the insecurity of an application. It is conducted to find the security risk which might be present in the system. If a system is not secured, then any attacker can disrupt or take authorized access to that system. Security risk is normally an accidental error that occurs while developing and implementing the software. For example, configuration errors, design errors, and software bugs, etc.

 

Why is Penetration Testing Required?


Penetration testing normally evaluates a system’s ability to protect its networks, applications, endpoints and users from external or internal threats. It also attempts to protect the security controls and ensures only authorized access.

Penetration testing is essential because −

Understanding the password-cracking techniques hackers use to blow your online accounts wide open is a great way to ensure it never happens to you.

You certainly will always need to change your password, and sometimes more urgently than you think, but mitigating against theft is a great way to stay on top of your account security. You can always head to www.haveibeenpwned.com to check if you're at risk but simply thinking your password is secure enough to not be hacked into, is a bad mindset to have.

So, to help you understand just how hackers get your passwords – secure or otherwise – we've put together a list of the top ten password-cracking techniques used by hackers. Some of the below methods are certainly outdated, but that doesn't mean they aren't still being used. Read carefully and learn what to mitigate against.

About this course

Learn Ethical Hacking from scratch with Metasploit , exploit vulnerabilities and become a white hat hacker

Sunday, 25 November 2018 11:23

Adobe Photoshop with in-depth

This certificate above verifies that Shaqis Aldi successfully completed the course Photoshop In-Depth: Master all of Photoshop's Tools Easily on 11/25/2018 as taught by Chad Neuman, Ph.D. on Udemy. The certificate indicates the entire course was completed as validated by the student.

Saturday, 24 November 2018 12:34

Design a Simple Flayers

Design a simple flayers for Mualamalat Bank to promo online banking.

Friday, 23 November 2018 21:15

Drupal 8 Site Building

Description : Summary about the course

Learn how to build powerful and flexible websites using Drupal 8

Drupal is a powerful CMS and can be used to create all sorts of websites. What makes it unique is how it’s built and customized.

When building websites using other CMSs, if you need some specific functionality, let’s say a business directory portal, you’ll often find a plugin which implements the functionality end-to-end. But if you want to modify something often these plugins, in other CMSs, they are difficult to customize.

Friday, 09 November 2018 14:46

Kali Linux Web App Pentesting Labs course

Kali Linux Web App Pentesting Labs course! This course will be 100% hands-on, focusing specifically on exploitation of vulnerable web applications. We’ll be building a lab environment consisting of Kali Linux, and several intentionally vulnerable web applications including Beebox, SQL injection labs, OWASP Juice Shop, and WebGoat.

Page 1 of 3