June 19th, 2011 
Mourad Ben Lakhoua theHarvester is a Computer-based social engineering tool for gathering e-mail accounts, user names and hostnames/subdomains from different public sources like search engines and PGP key servers. This tools is intended to help Penetration testers in the early stages of the project It’s a really simple tool, but very effective. The sources supported are: Google – [...]
June 18th, 2011 Mourad Ben Lakhoua Legal hacking is possible as you can create a vulnerable platform to test any new vulnerability without breaking Lows. Person that is looking to test his skills without thinking about proxies or hide his activities and test new web exploits can consider BodgeIt. BodgeIt Store is a vulnerable web application which is currently aimed at [...]
Posted in Tools, Vulnerabilities, Web Security 
Tags: ApplicationSecurity, BodgeIt, Developer, hacking, JSP, OWASP, penetration, Pentesting, Security, Testing, Vulnerable, WebApplication, WebAppSec 
67 Comments » June 12th, 2011 Mourad Ben Lakhoua Getting the information about website configuration and version is important during penetesting any web application, for this purposes you can consider WhatWeb. WhatWeb recognizes web technologies including content management systems (CMS), blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded devices. It has over 900 plugins, each to recognize something different.it also helps to [...]
June 4th, 2011 Mourad Ben Lakhoua New version of John The Ripper has been released, John the Ripper is a free password cracking software tool. Initially developed for the UNIX operating system, it currently runs on fifteen different platforms (11 architecture-specific flavors of Unix, DOS, Win32, BeOS, and OpenVMS). It is one of the most popular password testing/breaking programs as it [...]
Posted in Pentesting, Tools Tags: Password Hacking, Password recovery, Pentesting, Tools 59 Comments » June 1st, 2011 Mourad Ben Lakhoua Web Application Attack and Audit Framework (w3af) released a new stable version, the project aims to create a framework to find and exploit web application vulnerabilities that is easy to use and extend. In this latest release we find some important improvements include: Stable code base, an improvement that will reduce your w3af crashes to [...]
March 25th, 2011 Mourad Ben Lakhoua New standard for penetration testing has been created with a wide set of rules to improve ethical hacking work and penetration testing mission. Penetration Testing Execution Standard – PTES is the name of this standard that will help to have a clear path for pentester to check different vulnerabilities and provide customers a high quality [...]
Posted in Best Practices, Pentesting Tags: Ethical Hacking, Penetration Tester, Pentesting, PTES, Standards 18 Comments » December 14th, 2010 Mourad Ben Lakhoua We already shared the PowerShell security policies and protection measures that are used by Microsoft, as a reminder there are 4 levels of execution policies that can help in securing different script execution. Now that post has been mostly focused on system security administrator benefit but what about hackers, do they have benefits for PowerShell [...]
Posted in Operating System, Pentesting, Vulnerabilities & attacks Tags: DefCon, DefCon18, Metasploit, Pentesting, PowerShell 11 Comments »
