Blog

Penetration Testing Wiki

Google Play Store

How to search Android apps in other countries

Imagine that you are looking for pentest apps in the Google Play Store, that’s the URL you got: https://play.google.com/store/search?q=pentest By default, Google only shows you apps that are available in your region. But it might be the case that you are interested to look for android apps in a particular region. For that, just add…
Read more

xp_cmdshell reverse shell

🔝 How to get a xp_cmdshell reverse shell

In a pentesting engagement, if you got the credentials of the MS SQL SERVER you can easily execute any command on the database server with nmap NSE script, ms-sql-xp-cmdshell: You have to substitute the following parameters of the above command: mssql.username mssql.password ms-sql-xp-cmdshell.cmd If you want to execute a reverse shell to connect back to…
Read more

Cybersecurity Android Apps

Android APK security analyzer

There are several security analyzers for Android apps. Mainly there are two categories, you can analyze a running app directly on the mobile phone or an emulator, this is called dynamic analysis. Or, you can retrieve the APK from the Play Store or directly from the phone and analyze it independently, this is called static…
Read more

asp.net viewstate decoder

🔝 How to decode ASP.NET VIEWSTATE

Sometimes when doing web pentesting against an ASP web application is useful a tool like this: For that, I developed a small tool to easily decode ASP.NET __VIEWSTATE variables without having to install the viewstate module into the system with administrative privileges and be able to decode the variables with a small script using a…
Read more

PentestWiki Quiz

🔝 PentestWiki Quiz Android app

🏆 Just published my first Android app to learn ethical hacking! PentestWiki Quiz (Still beta! Not finished yet but a good sample questions. Have a look and let me know!) https://play.google.com/store/apps/details?id=com.defensahacker.pentestwikiquiz

🔝 How to use Nuclei for vulnerability scanning

Nuclei is a tool developed by Project Discovery team, as they say it is a Fast and customizable vulnerability scanner based on simple YAML based DSL. It is similar to Nmap NSE script engine but much more easy to develop as only uses YAML files. First of all, in order to install nuclei you need…
Read more

The Rise of the Chief Product Security Officer (CPSO)

Watch below the AppSec’s Future and the Rise of the Chief Product Security Officer by Joshua Corman and Chris Wysopal:

NIST best practices to prevent and mitigate ransomware attacks

Ransomware is a big threat to any company or corporation. In a matter of minutes all data from servers, workstation, laptops can be encrypted and most probably lost. Also worth to mention that ransomware attacks, can exploit some unpatched Windows vulnerability but most of the times are triggered by employees executing some weird attachment while…
Read more

How to scan a host with RustScan

When performing a penetration test, one of the most crucial parts is scanning and enumeration. Because if you lose any important port at this stage, you are letting go a juicy part of the attack vector to compromise the machine. Nmap is the standard-de-facto for port scanning, however it’s great to know that there are…
Read more

How to download Windows legally for FREE for your pentesting labs or malware analysis

Sometimes we need a fresh Windows to use it as a Sandbox, try some exploits, etc… the best method is to virtualize it using VirtualBox or VMware, but how to do it without not buying a license everytime 🙂 Here is the solution: https://developer.microsoft.com/en-us/microsoft-edge/tools/vms/ Please note that these virtual machines expire after 90 days, but…
Read more