Tuesday, 21 March 2023

SynAck Red Team Asssessment - Intro

Application

  • Several web applications
    • Need to complete all
  • Three infrastructure hosts
    • Need to complete all

Information

  • Requires web pentest techniques
    • Requires information gathering
    • Fuzzing host files
    • Bypass specific tweak flawed
    • Knowledge of exploiting flaws
  • Requires host pentest techniques
    • Tools for port scans
    • Scans for services expose
    • Exploiting vulnerabilities
    • Privilege escalate issues found

Exploit

  • OWASP Top 10 knowledge
  • Kali Linux tools usage
    • Nikto
    • Dirb
    • Metasploit
    • Burpsuite Free Edition
    • NMap
at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Friday Fun Pentest Series - 46 - Stored Cross-Site Scripting (XSS) via SVG File Upload - totaljsv5013

Description - It was noted that the applications file upload functionality was vulnerable to Stored Cross-Site Scripting (XSS) via an SVG im...