Below is a general methodology on how one would begin a pentest. Do more research on your own to get the technical and legal details that are required: Get permission to attack the target in writing. If you don’t receive permission, do NOT proceed. Use a search engine to see what comes up for your […]
Monthly Archives: July 2016
InfoSec Questions Asked on Recent Phone Interview
1. What would it mean if I saw a lot of activity on port 53? First of all you need to find what is the source of traffic. Try something like: netstat -a -n -p|grep :53 or this: lsof -p PID 2. What is the diff between http and html? One is a protocol and […]
What is sqlmap?
sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. sqlmap – automatic SQL injection tool root@kali:~# sqlmap -h Usage: python sqlmap [options] Options: -h, –help Show basic help message and exit -hh […]
How would you assess the security of third party vendors with access to your organization?
If a third party vendor has access to your organization and the vendor gets hacked, your company is at risk of losing vital data, confidential employee data and contact lists, and the consequences can range to damaged reputation, stockholder sellouts, insurance claims, extensive financial damage and possibly even bankruptcy. Remember these steps to reduce the […]
What do some obscure Linux commands stand for?
In case you ever wondered what some obscurely named Linux commands stand for, like awk, grep, etc., click here.