Penetration Testing Wiki

Faradaysec 3.0

Faradaysec

Faradaysec is a penetration testing IDE.

How to run Faraday < 2.7

To run the server:

Check:

To run the client:

How to run Faraday v3.0

First run server:

Second, run client:

Check:

How to access the UI: http://127.0.0.1:5985/_ui/

For more info go to https://github.com/infobyte/faraday/wiki and https://faradaysec.com/

Next section, to customize your shell: ZSH

ZSH

Useful frameworks to beautify your zsh shell:

https://ohmyz.sh/
https://github.com/robbyrussell/oh-my-zsh

Manual installation of oh-my-zsh:

>> ZSH_THEME="random"

Cool themes: mortalscumbag

To know more about how to use zsh shell and oh-my-zsh integrated within Faradaysec.

RCE

RCE stands for Remote Code Execution. It is the most critical type of vulnerability, as it means that an attacker can execute arbitrary code and take ownership of a remote account or machine.

exploit kit

An exploit kit or exploit pack is a type of toolkit cybercriminals use to attack vulnerabilities in systems so they can distribute malware or perform other malicious activities. Some known exploit kits are mpack, neutrino, angler, magnitude, RIG, nuclear, phoenix and crimepack. They are usually sold on the dark market using a subscription model (i.e. 500…

exploit

An exploit is a program or system designed to take advantage of a particular error or security vulnerability in computers or networks. See also exploit kit.

CTF

A Capture the Flag (CTF) is a computer security competition. CTF contests are usually designed to serve as an educational exercise to give participants experience in securing a machine, as well as conducting and reacting to the sort of attacks found in the real world. They are usually structured in different levels, and each level has…

bug bounty

A bug bounty program is a deal offered by many websites and software developers by which individuals can receive recognition and compensation for reporting bugs, especially those pertaining to exploits and vulnerabilities. The most important ones are: https://www.bugcrowd.com https://www.hackerone.com https://bountyfactory.io For each vulnerability sent that is eligible for bounty (i.e. it is inside the scope…

0day

Zero day or 0day is an exploit that has been released or leaked to the public before the vendor has submitted a patch for the vulnerability. That means that it is being used in the wild by threat actors.

blue team

A blue team is a specialized group of cybersecurity professionals, experts in threat identification, cybersecurity incident analysis, remediation and forensics. As opposed to the red team, the blue team has to identify, detect and prevent cyberattacks. Usually they work inside a SOC (Security Operations Center) in 24×7 shifts. They constantly monitor SIEM and other sources of information…

red team

A red team is an offensive group of cybersecurity experts that, inside an organization, covertly tries to gain information through techniques such as social engineering, phishing, etc., and to compromise parts of the organization or the organization as a whole. Its counterpart is the blue team.