Ethical Hacking

sqlmap: Sucking Your Whole Database Through a Tiny Little Straw

Hacking seemed like an arcane art, only mastered by those willing to spend years pouring over dusty tomes of x86 assembly language manuals and protocol RFCs.  It did not occur to us that many of the vulnerabilities could be exploited by anyone with basic web development coding skills and the willingness to spend a few hours on research. One of these mysterious incantations was the dreaded “SQL Injection” attack.  What exactly could one do with a SQL Injection attack, anyway?  No one was quite sure, but since our software was going into a secure military installation, we were pretty sure that the perimeter defenses would prevent anyone from harming it.

A Penetration Testing Career – Do You Have What It Takes?

Penetration testing, also known as ethical hacking, is one of the hottest jobs in tech today. What other career lets you pretend you're in The Matrix, working your way into systems like a top-level hacker, all without breaking any laws. Oh, and you're getting paid for it.With a real-world penetration testing job, though, you're not just playing at hacking into systems. You actually are hacking into systems, and your employer's very existence may depend on your ability to do it.

Web Application Penetration Testing: Why It’s Necessary and What You Need to Know

Web applications are the critical systems of many networks. They store, process, and transmit data. They are also vulnerable to hackers who can find vulnerabilities. So, the question becomes how secure is your network? And how comprehensively has it been tested?

Offline Password Cracking: The Attack and the Best Defense

Offline Password Cracking is an attempt to recover one or more passwords from a password storage file that has been recovered from a target system.  Typically, this would be the Security Account Manager (SAM) file on Windows, or the /etc/shadow file on Linux.  In most cases, Offline Password Cracking will require that an attacker has already attained administrator / root level privileges on the system to get to the storage mechanism. 

Online Password Cracking: The Attack and the Best Defense Against It

Online password cracking has advantages and disadvantages.  It is effective if executed properly. There are numerous defenses to prevent attackers from cracking your passwords.

ECSA Review by a Senior Penetration Tester

ECSA Certification review by Daniel Sewell, Sr. Penetration Tester for Alpine Security. The EC-Council Certified Security Analyst (ECSA) certification consists of both a hands-on practical penetration test and a multiple choice exam.

7 Steps to Hack a Target with Virtually No Experience

Armitage (Metasploit GUI) makes hacking easy. All you need is a vulnerable target and a working exploit in Metasploit. The "Hail Mary" tries all potential exploits against a target, requiring you to know next to nothing about the vulnerabilities or exploits.