Tuesday, 21 March 2023

SynAck Red Team Asssessment - Intro

Application

  • Several web applications
    • Need to complete all
  • Three infrastructure hosts
    • Need to complete all

Information

  • Requires web pentest techniques
    • Requires information gathering
    • Fuzzing host files
    • Bypass specific tweak flawed
    • Knowledge of exploiting flaws
  • Requires host pentest techniques
    • Tools for port scans
    • Scans for services expose
    • Exploiting vulnerabilities
    • Privilege escalate issues found

Exploit

  • OWASP Top 10 knowledge
  • Kali Linux tools usage
    • Nikto
    • Dirb
    • Metasploit
    • Burpsuite Free Edition
    • NMap

No comments:

Post a Comment

Friday Fun Pentest Series - 42 - Current Password not Required when Changing Password - flatpressv1.4.1

Description - It was noted that the application did not require the current password for the password change functionality Current Password ...