Module 2 — Reconnaissance & Information Gathering

This module takes you from basic reconnaissance to advanced information-gathering techniques specifically for iOS apps and their backends. The goal: build a complete, prioritized map of the attack surface so later static/dynamic analysis and tests are targeted and efficient. Learning objectives By the end of this module you will be able to: Prerequisites Recommended tools …

Categories: Web

How to Learn Security

Have you ever opened a cybersecurity textbook, taken one look at the first page, and felt like you accidentally enrolled in a computer science PhD? Maybe you started a hacking tutorial on YouTube, only to discover the instructor types faster than your brain can process human language. Or perhaps you saw someone using Kali Linux …

What Is Ethical Hacking?

If you’ve ever imagined a hacker, chances are your mind immediately jumped to someone in a hoodie, typing furiously in a dark room lit only by neon screens and questionable life choices. Movies have done an excellent job convincing us that hacking is basically black magic powered by caffeine and emotional instability. But here’s a …

How I Started Studying Cybersecurity

If someone had told me a few years ago that I would voluntarily spend my nights learning how ports work, why firewalls sometimes act like moody bouncers, or how a simple misconfigured header can ruin someone’s day, I would have laughed. I mean, cybersecurity? That sounded like something straight out of a hacker movie—green code …

How Everyday Cyber Defenses Protect You Without You Knowing

In today’s hyperconnected world, most of us spend hours online each day—whether it’s shopping, banking, working remotely, or just scrolling through social media. While we go about our digital routines, a silent army of cybersecurity defenses works behind the scenes to protect us. From the moment we type a password, connect to Wi-Fi, or click …

Understanding Reconnaissance: Finding the Unseen

Step 1 -> Asset Discovery (Domains & Subdomains) Tools: Subfinder + DNSx Use shosubgo to extract subdomains from Shodan. Step 2 -> Probing & Port Scanning Tools: Naabu + Httpx Add -web-server in httpx to fingerprint web servers. Step 3 -> Tech Stack & Framework Detection Why? Knowing whether the app runs WordPress, Laravel, NGINX, …

NMAP Tutorial

1) What is Nmap? Nmap (Network Mapper) is a free, open-source utility for network discovery and security auditing. It can discover live hosts, enumerate open ports and services, attempt service/version detection, and fingerprint operating systems — all using crafted network packets. It’s widely used by sysadmins, security engineers and penetration testers. 2) Install Nmap …

Nuclei Tutorial

Practical Roadmap (Recon → Scan → Report) 1) Preparation / Installation (Kali) Note: adjust $GOPATH/bin in your PATH (e.g. export PATH=$PATH:$(go env GOPATH)/bin). 2) Collect targets (subdomains) Example combining subfinder + amass + assetfinder: 3) Check which are online (httpx) Useful options: 4) Scanning with Nuclei Basic: Filtering by tags/severity: Tips: 5) Triage / manual …

SQL Injection

Retrieving hidden data Lab: SQL injection vulnerability in WHERE clause allowing retrieval of hidden data Open the lab and click on the Gifts button. Switch to Burp Suite and identify the request. Right-click it and choose Send to Repeater. In Repeater, put a SQLi payload and click on the …

API Testing

API Documentation Lab: Exploiting an API endpoint using documentation To solve the lab, find the exposed API documentation and delete carlos. You can log in to your own account using the following credentials: wiener:peter. Open the lab and click the My account link. Use the credentials (wiener:peter) to log in to the site. Update your user account. Go to …