Pentestwiki

The most comprehensive free Penetration Testing Wiki

ArticlesBlog

pentestwiki.org is a wiki dedicated to professional penetration testing, offensive security and ethical hacking knowledge, techniques, tools and everything related. It is based in standards such as PTES, CEH, OSSTMM among others.

New YouTube channel

Subscribe!

INFRASTRUCTURE PENETRATION TESTING

The most important foundation in Penetration Testing and Read Team Operations based on standards such as PTES, CEH, OSSTMM among others

● PHASE I: Reconnaissance

● PHASE II: Scanning

● PHASE III: Enumeration

● PHASE IV: Exploitation

● PHASE V: Post exploitation

● PHASE VI: Covering Tracks

● PHASE VII: Lateral Movement

WEB APPLICATION PENETRATION TESTING

Learn how to perform Web Application Penetration Testing to test websites, APIs, SQL injections, SSL/TLS attacks and OWASP TOP 10

Intro to web application testing

Types of Web Application Attacks

OWASP TOP 10 explained

Attacks on SSL/TLS protocols

Webpentest through SOCKS proxy

Tools for Web Penetration Testing

MOBILE APPLICATION PENETRATION TESTING

Learn how to hack mobile apps for Android and iOS and protect them against tampering

Static Analysis for Android and iOS

Dynamic Analysis for Android and iOS

Protections to mitigate attacks

RED TEAMING

Red teaming tools to test defensive systems and simulate advanced attacks

Tools and Frameworks for RED TEAMS

Tools and Frameworks for BLUE TEAMS

Tools and Frameworks for APPLICATION SECURITY

Latest from blog

Because Computer Security matters…

Cybersecurity Android Apps

Hacking Android apps in Windows with Frida (Part I)

Frida is a dynamic instrumentation toolkit to debug and analyze processes in multiple platforms (Windows, Linux, MacOS, Android, iOS, …). First thing before install frida-tools, you we’ll need python 3.x[…]

Read more

Fuzzing with Radamsa in BlackArch

Radamsa is a test case generator, it receives some input data and then it scrambles it to return some random data. Random is truly random, that means that you can[…]

Read more

Best Portswigger Burpsuite Pro plugins in 2021

protobuf decoding https://github.com/nccgroup/blackboxprotobufJ2EEScan https://portswigger.net/bappstore/7ec6d429fed04cdcb6243d8ba7358880ParamMiner https://portswigger.net/bappstore/17d2949a985c4b7ca092728dba871943Upload Scanner https://portswigger.net/bappstore/b2244cbb6953442cb3c82fa0a0d908faRetire.js https://portswigger.net/bappstore/36238b534a78494db9bf2d03f112265cMsgpack https://portswigger.net/bappstore/c199ec3330864d548ff7d6bf761960baTurbo Intruder https://portswigger.net/bappstore/9abaa233088242e8be252cd4ff534988 More on https://pentestwiki.org/tools-for-web-penetration-testing/

Read more
SEE ALL BLOG POSTS

About DEFENSAHACKER

Jacobo Avariento

Founder & Hacker-In-Chief

With more than 15 years in the cybersecurity industry as a consultant and penetration tester working for top tier banks, the European Central Bank, pharmaceutical, automotive and gaming companies.

Contact me

About me

I have a Master’s Degree in Computer Science and specialized in cybersecurity in 2001. Back then, I was an independent security researcher. I have worked from 2009 as a cybersecurity consultant, specializing in penetration testing for the banking and financial services industry in 2015.

I hold Certified Ethical Hacker (CEH) and Offensive Security Certified Professional (OSCP) certifications.OSCP Certification

CEH Certification

© 2021 DEFENSAHACKER Academy