"Security" tag
A network

Nessus with Metasploit — Track and Hack

Networks play an important role in a sysadmin’s life. But have you ever wondered about the security of your network, or tried to find out how vulnerable it is? Let’s discover how to…

Nmap scripts

Advanced Nmap: NMap Script Scanning

In previous articles, we have studied NMap in great detail, including live scanning a firewall and verifying the recommendations. Now, it’s time to study NMap script scanning. Nmap.org describes the Scripting Engine (NSE)…

Locked!

Securing Apache, Part 7: Fool-proofing the Server OS

Moving deeper into Web application and Apache security, let’s now focus on OS commanding attacks, and those that lead to the disclosure of crucial information and server directory paths. The attacks described below…

Let us back track for a while

Digital Forensic Analysis Using BackTrack, Part 1

Digital forensics, the art of recovering and analysing the contents found on digital devices such as desktops, notebooks/netbooks, tablets, smartphones, etc., was little-known a few years ago. However, with the growing incidence of…

Verify firewall security

Advanced Nmap: Scanning Firewalls Continued

The previous article detailed methods to scan an IPCop-based firewall in a test environment. The scan output revealed several open ports, which could lead to various vulnerabilities. Based on the scan results, several…

VNCInjection with courtesy shell enabled, by default

Metasploit 101 with Meterpreter Payload

The Metasploit framework is well known in the realm of exploit development. It is a standalone tool for security researchers, penetration testers and IDS/IPS developers. As of now, it has 640 exploit definitions…

Secured!

Securing Apache, Part 6: Attacks on Session Management

In this part of the series, we are going to concentrate on attacks on session management. Application-level attacks on the session is about obtaining or manipulating the session ID without any prior information…

Firewall Scan

Advanced Nmap: Scanning Firewalls

After four articles on Nmap [1, 2, 3 & 4], which explained a number of command-line options for scan technique specification, target specification, port specifications, host discovery, evasion techniques, etc, it is time…

Secured!

Securing Apache, Part 5: HTTP Message Architecture

In the last four articles in this series, we have discussed SQL injection, XSS, CSRF, XST and XSHM attacks, and security solutions. This article focuses on attacks exploiting the HTTP message architecture in…

Scan time!

Advanced Nmap: FIN Scan & OS Detection

Nmap is a fantastic tool, and I just can’t refrain from praising it, every time I use it. The earlier articles in this series have detailed many important Nmap scan types. Let us…

All published articles are released under Creative Commons Attribution-NonCommercial 3.0 Unported License, unless otherwise noted.
Open Source For You is powered by WordPress, which gladly sits on top of a CentOS-based LEMP stack.

Creative Commons License.