Truvantis Blog

Social Engineering Within Pentesting

Pentesting the People; social engineering is an easy vulnerability

When it comes to penetration testing of an enterprise, you instantly think about all the cool tools and tactics used to enumerate the target and locate a possible vulnerability that could be exploited to gain entry to that enterprise’s internal network. Have you ever thought about one of the biggest possible vulnerabilities that control the front doors of your enterprise? People. Every pentesting engagement should include some sort of physical and social engineering aspect. You can have the strongest perimeter in the world, but if your physical security team or the people manning your phone systems are susceptible to a social engineering attack, you can get breached very quickly.

Read More

Topics: Penetration Testing

Just Walk in the front door

As an aspiring penetration tester, it is not always the extensive rootkits or the backdoor metasploit exploits that you need to focus on with every testing engagement. Sometimes, the best way in is to just try the front door. If you can learn to master a simple, repeatable process of testing the login screens of any application, device or account, you will save yourself time and effort with establishing the scope of an engagement.

Read More

Topics: Penetration Testing

The Secret Behind VI edit permissions

The art of penetration testing is one that takes a lot of fore-learned knowledge about a specific technology and system in order to really understand how they can be exploited. There are many loopholes that will allow potential malicious actors an opportunity to breach your systems. As a pentester, you want to continue to learn and build this playbook of checks to quickly execute within every engagement. One particular vulnerability that should be in every pentesting playbook is through the Linux OS and more specifically the file config editing tool called “VI”.

Read More

Topics: Penetration Testing

Hiding in plain sight: 3 Quick Checks for Low Hanging Fruit

Being able to quickly knock out the low hanging fruit vulnerabilities as a pen-tester is just having the knowledge that they exist and finding quick way to check for them. Here are a few quick hit, low hanging vulnerabilities that could provide the biggest kickoff point when doing an investigation.

Read More

Topics: Penetration Testing

Nmap sees all things

A big part of penetration testing is recon and discovery. If you cannot properly identify the network you are testing, you may be missing possible avenues into the infrastructure. Nmap is a command line solution that takes the stress out of this for you. There is also a GUI interface version called Zenmap that provides the same functionality.

Read More

Topics: Penetration Testing

Top 5 free pentesting tools for quick results

Being able to accurately perform a pentest on a network that you are not familiar with takes both knowledge about the underlying infrastructure (to be able to navigate) and the proper tools for the job. Just like a construction worker has his toolbox of tools needed to perform his duties, so will you. Here are my top 5 that are highly recommended in the industry.

Read More

Topics: Penetration Testing

Subscribe to Email Updates

Recent Posts

Contact Us