How to Perform DDoS Test as a Pentester

A denial of service (DoS) attack is an attempt to make a service unavailable. Unlike other kinds of attacks, which establish a foothold or hijack data, DoS attacks do not threaten sensitive information. They are simply an attempt to make a service unavailable to legitimate users. However, DoS is sometimes also used to open the way for other malicious activities (e.g. taking down web application firewalls).

Phishery – Domain Credential Theft via Social Engineering

In social engineering attacks, the first step is identifying the employees of the target organization via social media platforms such as LinkedIn and sending them relevant, attractive e-mails. By tracking social media, an adversary may learn which topics are most interesting to the targeted company's employees. From that point, the adversary may send a phishing e-mail to the selected employees in order to steal valid domain credentials.

Data Exfiltration (Tunneling) Attacks against Corporate Network

Data exfiltration, also called data extrusion, is the unauthorized transfer of data from a computer. This type of attack against a corporate network may be manual and carried out by someone with a USB device, or it may be automated and carried out over a network. In this article, we will focus on the network-based data exfiltration techniques that must be covered during a penetration test.