DMitry tool

Kali Linux Day 2: Information Gathering tool: DMitry

What is DMitry?

DMitry or (Deepmagic Information Gathering Tool) is a tool found in Kali Linux that automates some of the commonly used methods in order to gather information about a specific host or target.

Read More »

Advertisements
acccheck tool from Kali Linux

Kali Linux Day 1: Information Gathering: acccheck tool

What is acccheck?

acccheck. An information gathering tool from Kali Linux.

acccheck is a tool written by Faiz which connects to hosts and tries to identify a legitimate combination of username and passwords using a username and password list or dictionary file.

Read More »

A short introduction to Kali Linux

IT security – it is one of the major things that we should be looking at in our daily lives. Since most of our information is constantly being converted into digital form, using secure technologies and doing the best practices when it comes to security is a must do.

Today, we will look at a tool used by some of our IT security practitioners. This is a tool used to secure common IT infrastructures and do security testing. This tool is Kali Linux.

Read More »

AV comparatives report: November 2016 anti-virus performance

Below is a quick view of the results of the AV comparatives anti-virus real world performance report as of November 2016. For those of you who wants the read the digital copy, you can go here.

TLDR: As of November 2016, F-Secure, Avira, Bitdefender, and Trend Micro holds the 99.9% protection rate tier.

Real world protection test: Summary results
Real world protection test: Summary results*
Real world protection test: Summary results chart
Real world protection test: Summary results chart*

*courtesy of AV-comparatives.org.

VPNs are somewhat evil?

I have stumbled upon this article from Search Security which gives me questions when using VPNs.

The Same Origin Policy is commonly circumvented by clientless SSL VPNs; the VPNs draw content from all over the Internet and present it to the client as though it came from the same origin, thereby allowing scripts from various sites to interact. This is dangerous because a malicious script from a compromised site could interact with a script from a legitimate site without restriction, potentially leading to malware infections or sensitive data being compromised.

In short using VPN is not as secure as what you think. You can find the whole article of here which is quite a read. It teaches you Same Origin Policy using just a few words.

 

Great Read: The perils of Cross-Site Scripting

XSS Attack Overview | Courtesy of www.acunetix.com

I have been searching the internet for a website that could easily describe the perils of cross site scripting (XSS). Of course some of you out there will argue that I should have visited OWASP. Yes. I have visited OWASP. However, I am still hungry for more information and I am looking for a website that will explain to me what I can do with cross site scripting is even if I am just a newb on web technologies and languages. So after doing some ctrl + click on some links provided by Google, I’ve managed to find the website of Jason Dean which discusses cross site scripting – What is possible with XSS? | 12Robots.com.

According to him, there are several things that you can do with XSS namely:

Read More »