Introduction: Why is an Android hacking lab necessary? In this article, I will show you how you can easily set up you own Android hacking lab that is ready to start learning, practicing and testing Android applications of your customers. With the huge market of mobile applications, knowing how to test Android applications for security …
Hello ethical hackers. Today, I will go through the red team training courses and certifications I took this year. If you would like to pursue a career in red teaming and don’t know which certifications to take, this is for you. Why Red team training? First of all, let me tell you why I chose …
Hello Ethical Hackers! Today I share with you the best hacking books I enjoyed reading since the beginning of my career in Information Security! I will constantly update the list as I read more, but you already have enough hacking books to get you started in the information security industry. It also contains some advanced …
Hello dear ethical hackers, welcome to this new blog post about red teaming. Today, I will give you my honest review of CRTO (certified red team operator certification) from Zeropoint Security. A brief context In the middle of this year, I tackled the Rastalabs Pro lab on hackthebox.eu. Like the Offshore lab, my biggest complaint …
Sometimes during security engagements, ethical hackers need to crack passwords. However, not all of them have the skills and the resources required to achieve it. Therefore, they might miss interesting attack surface that could make the difference between success and failure in the engagement. In this article, we will explore many key concepts that revolve …
With the increase of Cloud Computing adoption, many penetration testing labs are emerging every day. From small challenges to enterprise-scale infrastructure, I am sure you will find the right penetration testing lab that suits your level of skills and your career path. Today, I will review the Offshore lab from HacktheBox based on my experience. …
JavaScript Enumeration is a critical skill to have if you want to level up your penetration testing or bug bounty hunting game. Yet, not everyone does it, partly because it is a boring exercise or it consumes most of your time, not to mention how intimidated you might feel reading someone else’s code. Today, we …
In this exhaustive guide, you will find all you need to know about bug bounty hunting based on my experience as a bug bounty hunter and a triage analyst who handled tens of thousands of bug bounty reports. We will explore the bug bounty history and its ecosystem, understand what to expect, Imagine a world …
I’ve been asked a lot about Jira vulnerabilities. In this article, I compiled the publicly available Jira exploits I could find to help you when you are doing bug bounty hunting or penetration testing. However, I should mention that you need to have some basic understanding of how web applications work and how to exploit …
Hello ethical hackers! Today I share with you an account takeover I achieved during a recent penetration testing of a web application. For those who don’t know know what an account takeover is, there is a dedicated section for that. From there, I will explain how I enumerated all the endpoints. Then, I will walk …