Welcome to SecurityDocs

A collection of 7,860 IT security white papers, carefully curated by professionals like yourself

Things You Should Know : Wireless Hacking Intermediate

by Shashwat Chaudhary

In the previous post in the 'things you should know' series I discussed Wireless Hacking basics. It's recommended that you go through it before starting this tutorial.

1 comment www.kalitutorials.net Pen Testing & Audits

Configure your web application pentesting lab

by Shashwat Chaudhary

In the previous tutorial, we set up our web application pentesting lab. However, it's far from ready, and we need to make some changes to get it working as per our needs. Here's the link to the previous post if you didn't follow that-

1 comment www.kalitutorials.net Pen Testing & Audits

Linux Firewall Tutorial: IPTables Tables, Chains, Rules Fundamentals

by Ramesh Natarajan

iptables firewall is used to manage packet filtering and NAT rules. IPTables comes with all Linux distributions. Understanding how to setup and configure iptables will help you manage your Linux firewall effectively. iptables tool is used to manage the Linux firewall rules. At a first look, iptables might look complex (or even confusing). But, once you understand the basics of how iptables work and how it is structured, reading and writing iptables firewall rules will be easy.

1 comment www.thegeekstuff.com

Kali Linux : Touchpad issues - tapping, reverse/natural scrolling

by Shashwat Chaudhary

Since I've started using Kali Linux, I have often encountered problems with my touchpad. The problem can either be with tapping (tapping the touchpad doesn't result in a click, and I have to press the physical button), or with scrolling (two finger scrolling doesn't work). I have come across the following 3 fixes. At least one of them should work for you

1 comment www.kalitutorials.net Pen Testing & Audits

Things You Should Know : Wireless Hacking Basics

by Shashwat Chaudhary

This is the first post in a new series of posts that don't involve any real hacking (and hence don't require that you have Kali installed on your system), but instead explain concepts

1 comment www.kalitutorials.net Pen Testing & Audits

Abusing WebVTT and CORS for fun and profit

by Keith Makan

WebVTT is a way html5 developers can display and cue text as subtitles for video formats. The grammar for WebVTT is pretty simple and as we know browsers are always willing to forgive any "weird" looking grammar in an effort to provide best effort experience for users. This post looks at ways to take advantage of WebVTT in some attack contexts in order to extract information or perform general DOM abuse.

1 comment blog.k3170makan.com Detection & Response

Stealing Secrets with CSS : Cross Origin CSS Attacks

by Keith Makan

CSS Cross Origin attacks work by constructing CSS style-sheets from vulnerable pages and extracting sensitive information from these pages in the form of CSS property attributes. Vulnerable pages include anything page that allows an attacker to inject arbitrary printable unhindered alphanumeric text including braces, brackets and parenthesis; basically any subset of the ASCII table that allows you to construct valid CSS. Attacks with an even more restricted character set may be possible depen...

0 comments blog.k3170makan.com Detection & Response

Context based Entropy : How to use keyed-steganography

by Keith Makan

I have spoken to a couple of people about this idea, those who know a little bit about steg often tell me this idea is pretty cool so I'll make it a little more public, see who catches it and starts doing interesting things before i do. Not saying I came up with this first, totally happy to pass the torch if I am to do so. But I do believe this idea could revolutionize security, cryptography and introduce a level of steganography to communication channels that is as hard to break as a secret ...

1 comment blog.k3170makan.com Encryption & Authentication

Hardening The Linux Kernel With Grsecurity (Debian)

Security is based on three characteristics: prevention, protection and detection. Grsecurity is a patch for Linux kernel that allows you to increase each of these points. This howto was performed on a Debian Lenny system. Thus some tools are Debian specific. However, tasks can be performed with other distro specific tools or even with universal tools (make).

1 comment www.howtoforge.com

Laptop Security

by Ramanujam Narasimman

As the price of computing technology is steadily decreasing, devices like the laptops and mobile phones have become more common in use. Although these devices enhance the business functions due to their mobile access to information anytime and anywhere, they also pose a large threat as they are mobile and small. Wireless capability in these devices has also raised security concerns due to the information being transmitted over ether, which makes it hard to detect.

3 comments 16 minute read Detection & Response

Bettercap : MITM attack for sniffing traffic and passwords

by Shashwat Chaudhary

We will be installing Bettercap, doing a quick sniffing exercise, and then a more detailed section on grabbing the password. Will demonstrate the password grabbing on outlook.com, which seems to be particularly vulnerable to this attack.

1 comment www.kalitutorials.net

Stay anonymous while hacking online using TOR and Proxychains

by Shashwat Chaudhary

In this tutorial we will guide you how to stay anonymous while hacking online using TOR and Proxychains. Hiding your ass while hacking is easy just require some configuration which we will gonna see in this tutorial.

1 comment www.kalitutorials.net Pen Testing & Audits

About.me Cookie Based XSS

by Keith Makan

About.me suffered from a Cross Site Scripting flaw I found a few days ago. The interesting thing about this flaw is that it was cookie based. The following post details how I found it and what I did to confirm that it was exploitable, it also discusses some interesting points to consider when you find a XSS triggered by Cookie Values.

1 comment blog.k3170makan.com Pen Testing & Audits

How to hack WPS wifi using android

by Anox Prop

You know if you ask me, hacking a wifi network is easiest of the all hacking techniques. And Yes, it is Boring, time consuming and difficult to hack wifi when it comes to android. Because in android you don’t have much powerful resources and you don’t have many hacking attacks and don’t have lots of hacking tools like you do have in Laptop, Pc or mac. In Today’s post we are going to cover the topic “how to hack wifi with android”.

1 comment www.kalitutorials.net Pen Testing & Audits

Virtual Private Networks, Another Way To Ensure Privacy

by Shashwat Chaudhary

Put simply, a Virtual Private Network, or VPN, is a group of computers (or discrete networks) networked together over a public network—namely, the internet. Businesses use VPNs to connect remote datacenters, and individuals can use VPNs to get access to network resources when they're not physically on the same LAN (local area network), or as a method for securing and encrypting their communications when they're using an untrusted public network.

1 comment www.kalitutorials.net

How to hack facebook using kali linux : CREDENTIALS HARVESTER ATTACK

by Ayush Patidar

Do you know ,you can hack facebook password with one fake fb page(phishing). In this tutorial we will use Social Engineering tool i.e Credential Harvester attack in kali linux. All you need to do is follow the tutorial as it is to see the Credentials Harvester into the action.

1 comment www.kalitutorials.net Pen Testing & Audits

Hacking WPA/WPA2 without dictionary/bruteforce : Fluxion

by Shashwat Chaudhary

I hadn't ventured into Hackforums since a while, and this time when I went there I saw a thread about a script called Fluxion. It's based on another script called linset (actually it's no much different from linset, think of it as an improvement, with some bug fixes and additional options). I did once think about (and was asked in a comment about) using something like a man in the middle attack/ evil twin attack to get WPA password instead of going the bruteforce/dictionary route, but never l...

1 comment www.kalitutorials.net Pen Testing & Audits

Iptables Tutorial – Securing Ubuntu VPS with Linux Firewall

Iptables Linux firewall is used to monitor incoming and outgoing traffic to a server and filter it based on user-defined rules to prevent anyone from accessing the system. Using Iptables you can define rules which will allow only selective traffic on your server. In this Iptables tutorial, you will learn how to secure your web application using Iptables.

1 comment www.hostinger.com

Kali Installation : Dual Boot VS Live Boot VS Virtual Machine

by Shashwat Chaudhary

If you are yet to have a Kali instance running on your machine, then you have quite a dilemma ahead of you. There are three ways to go about running Kali, each with their own advantages and disadvantages. In this article, I'll tell you what exactly the terms Dual Boot, Live Boot, and Virtual machine installation mean, how easy/difficult these are to perform, and what are the advantages/disadvantages of each of them. In the end, I'll tell you how to find guides for doing all of these.

1 comment www.kalitutorials.net Pen Testing & Audits

Install Kali Linux On Raspberry Pi 3 : Creation of a Hacking Machine

by Shashwat Chaudhary

In this tutorial, we will tell you how to install kali Linux on raspberry pi 3. Raspberry pi is a single board small computer which is portable as well. Raspberry pi 3 is the third generation Raspberry Pi. It will cost you around $35-$40 (totally worth it). It will come with handy specs.

1 comment www.kalitutorials.net Pen Testing & Audits

Subscribe

We'll send you a carefully curated list of the best IT security white papers to your mailbox every Friday.