search
top

Namechk – A Domain Searching & Recon Tool

Namechk –  A Domain Searching & Recon Tool

So I came across a new tool that I found particularly interesting. And, especially for someone that may be working on a pen test during the recon stage. Recon is very important, since it allows you to gather as much intel as possible before you start to look for weaknesses.

What is the tool?

I came across a website called Namechk (https://namechk.com). And, started to realize the power it gives you when conducting recon for particular companies or people. This site basically allows you to search for company names and personal names of people. Now the site isn’t made to conduct recon on anyone or any entity. But, it seems like some cyber security analysts and pen testers are starting to utilize it for recon purposes. And, why not? It’s a tool and various tools can be used for various purposes.

What is its real purpose?

Read The Full Post

Passing The GWAPT Exam

Passing The GWAPT Exam

So, I finally went for it and attempted the GIAC GWAPT exam and passed it! I’ve been conducting some pen tests prior to taking the SANS SEC 542 course and the GWAPT exam. The course taught me many new things, and gave me a new perspective, and insight when it comes to web application pen testing. This blog post is to share my experience on how to best prepare for taking the GWAPT exam.

Should I take this exam or challenge the GWAPT ?

Many people will ask themselves this very same question. The best answer really depends on what your career goals are for your future. If you plan on being a pen tester, then this is a must at least if you are new or an intermediate to web pen testing. These days the Internet is filled with web applications, and now with more data and applications placed in the cloud. WebApp pen testing is a skill in demand and will be needed to test anything open to the public via the cloud.

Studying

Read The Full Post

Wappalyzer – Identify technology on websites

Wappalyzer – Identify technology on websites

During one of my SANS vLive courses I am currently taking part in. My instructor introduced us to a nifty tool called Wappalyzer. He said he does use it as “one” of his tools of arsenal for pentesting servers and websites. I decided to take a look for myself since it wasn’t part of our SANS course. And, when you have a SANS instructor discussing a tool they use… well you just can’t go wrong by checking it out for yourself.

Finding technologies on a website

One of the most important aspects of pen testing online is to conduct proper recon. You need information to be able to devise a plan to more forward with the pen test. Information gathering is key and Wappalyzer can definetly help with recon. I decided to use Stealthbay.com as an example to see what type of technologies would show up. (more…)

top
Secured By miniOrange