Sometimes, you need a vulnerable machine. Whether you are looking to learn about attack methods, or test your new controls - it is helpful to have a machine that contains vulnerabilities
When juggling multiple devices, the cloud offers many benefits. I have been maintaining multiple instances of Kali across my desktops and laptops for a bit now - and it is getting tiresome. Sounds like the perfect opportunity to dive into AWS. Here is how to setup your Kali box up in the AWS cloud.
We pride ourselves in creating understandable, actionable reports for our clients. The goal of a penetration test is not to prove an attack can be successful, but to identify and prioritize remediation actions and strategies.
TLDR; 1. Steal this document 2. Read and understand the model 3. Give a Current Rating to each control 4. Give a Desired Rating to each control 5. Identify gaps 6. Scope projects to close gaps 7. Execute projects 8. Rinse and repeat
I attribute about 95% of my learning to actually doing work. Most of my peers would agree and even push it further to “95% of my learning is by screwing things up.” For many computing platforms, it is very easy…