How to Detect and Avoid Phishing

In our previous post, we talked about phishing. Phishing is a cybercrime in which one or more targets are contacted by email, telephone or text message by someone disguised as a trustworthy company, in order to obtain sensitive information such as usernames, passwords, and credit card details (and money), often for malicious reasons. Phishing is an example of a social engineering technique used to trick users, and it exploits weaknesses in current web security. This time, we will tell you how to avoid it by detecting it first.


Footprinting a Webserver

Before we do footprinting, we have to understand what footprinting is. Footprinting (also known as reconnaissance) refers to the process of collecting as much information as possible about the target system to find ways to penetrate it. Information such as IP addresses, Whois records, DNS information, the operating system used, employee email IDs, phone numbers, etc. is collected. This information is very useful to a hacker who is trying to crack a whole system.


Web Application Fingerprinting

One of the first tasks when conducting a web application penetration test is to try to identify the version of the web server and the web application. This allows us to discover all the well-known vulnerabilities that affect the web server and the application. This process is called web application fingerprinting, and in this article we will see how to perform it.


What is Social Engineering and How Does it Work?

Social engineering is still one of the most common means of cyber-attack, primarily because it is highly efficient. To criminals, the user is the weakest link in the security chain. Social engineering is one of the biggest problems in IT security today. It’s so effective because it targets the human level as opposed to the technical level. While you can patch technical vulnerabilities, it’s much harder to address vulnerabilities caused by human error. An education process is vital for end users to understand the dangers of social engineering and to avoid falling for such scams.


How to Utilize Search Engine with Google Search Operators

What are Google search operators? According to moz.com, Google search operators are special characters and commands (sometimes called “advanced operators”) that extend the capabilities of regular text searches. Search operators can be useful for everything from content research to technical SEO (Search Engine Optimization) audits. In short, it is the act of searching with the Google search engine to find anything left behind by a system admin or web developer that is not meant for public consumption.


Enumerating Target Using WPScan

In this section, we will talk about how to enumerate our target using WPScan. So, what is enumeration? According to Tutorialspoint.com, enumeration belongs to the first phase of Ethical Hacking, i.e., “Information Gathering”. This is a process where the attacker establishes an active connection with the victim and tries to discover as many attack vectors as possible, which can be used to exploit the systems further. In a nutshell, enumeration can be used to gather information.


Installing Kali Linux as a Virtual Machine

To do penetration testing, we are going to install some penetration testing tools. We will use an operating system called Kali Linux. It’s a flavor of Linux based on Debian, and it comes with all the programs and applications that we need pre-installed and pre-configured. This means that we can just install this operating system and then start learning hacking.
