What is the dark web and how to access it
First of all, let’s show the differences between the part of the internet that can be indexed by traditional search engines and is easily accessible, and the whole other “hidden” part. The entire web is divided into the following parts: Surface Web: it is the part of the web that is easily accessible…
Category: What to do for
Updating kernel in Gentoo Linux
The kernel is the heart of an operating system. It provides secure and controlled hardware access to running processes. It is therefore easy to understand how important it is, in terms of IT security, to update the kernel. Here are the commands to update the kernel in Gentoo OS. Once you…
A little bit about Gentoo Linux
In my opinion, one of the most fascinating Linux-based operating systems is Gentoo Linux. Any self-respecting nerd should have managed to install and update Gentoo, as well as tried to solve on their own the various problems that arise during those two phases. The main feature of this…
How to enumerate subdomains
During a pentest on a web server it can certainly be useful to enumerate the victim’s domain to see if there are any subdomains, in order to test everything. To do this you can use the following main methods: DNS zone transfer: With this method it is possible to take advantage of the…
Hide malicious shell in image file
Many times, uploading a malicious file (such as a .php reverse shell) to the victim machine, and making it work, is not straightforward. The victim’s web administrator may have set filters that restrict the types of files that can be uploaded to their server. In fact, a good web administrator allows you to…
Why use a VPN
VPN stands for VIRTUAL PRIVATE NETWORK. A VPN is a virtual network which guarantees privacy and increases the security of browsing data.
Create your own website with wordpress.org – starting from scratch
Creating your own website is not something reserved for programmers and web designers. If you have some nice ideas that you would like to put online in the vast world of the internet, below I will list the various steps to do so, from registering a domain to finding a hosting service and installing and…
Shell spawning
Once you get a shell on the Linux victim machine, this shell could be without a TTY (terminal connection), and most likely, to go on with the penetration test, you will need to spawn a TTY shell. In fact, a shell without the TTY functions does not allow you to perform important things such as the simple…
Reverse Shell one liner – how to do it
If, during a penetration test, you discover an RCE (Remote Code Execution) vulnerability, most likely what you need is to run a reverse shell to gain more control over the victim machine. An RCE is a vulnerability that allows you to execute commands on the victim. And this is why if I activate a listener…
DOM XSS attack
In short, the Document Object Model (DOM) is the hierarchical structure of the objects of an HTML document, generated by the web browser to represent the document. The utility of the DOM is to easily access the contents of the document. An example of a simple structure of a DOM is the following: W3C defines…