Nowadays, with the evolution of technology, many companies are starting their journey as a cloud native company. They don’t work in traditional infrastructure environments. Cloud computing has become more accessible, for any people inside of company, since the cloud architecture until marketing team, remote workers, after the covid-19 pandemic, many organizations have been increasing their access in the cloud. This migration, or “adaptation”, brings a series of challenges, according to the Gartner Peers Community, these are the responses to a question about cloud adoption:   “What, accor ..read more

Introduction Radio Frequency (RF) penetration testing, popularly referred to as RF pentesting, stands as a vital domain within ethical hacking. Its primary goal is to meticulously identify vulnerabilities inherent within wireless communication systems (Smith & Johnson, 2018). In contemporary times, with the exponential growth of the Internet of Things (IoT), smart homes, connected cars, and wearable devices, the importance of RF pentesting has soared significantly. This specialized form of testing has emerged as a crucial tool for evaluating the security of wireless networks and assessing ..read more

The Surge of Double Extortion Ransomware Attacks Ransomware attacks have become an increasingly severe threat to organizations around the world. A particularly insidious new trend is the rise of "double extortion" attacks, in which cybercriminals not only encrypt an organization's data but also threaten to publicly release sensitive stolen information if the ransom is not paid. In this comprehensive article, we will examine the evolution and surge in these double extortion campaigns, look at real-world examples of how high-profile companies have been significantly impacted, and provide best pr ..read more

Introduction The advent of wireless technologies, from mobile phones to Wi-Fi, satellite communications, and even automobiles, has established radio frequencies as a cornerstone of modern communication. However, with this ubiquity comes significant security threats, including a rise in man-in-the-middle attacks, replaying, and communication disruption. This article delves into the intriguing domain of radio frequency penetration testing, highlighting its challenges, methods, and security implications, and provides insights into creating a dedicated pentesting lab. This guide serves as an essen ..read more

We're extremely happy to invite you to the first ever webinar by PenTest Mag! Hosted by Timothy Hoffman, the talk will evolve around the topic of our latest online course - "Aerospace Cybersecurity: Satellite Hacking", designed and instructed by Angelina Tsuboi.  During the event, the discussion will touch the practical aspects of the fascinating field of aerospace cybersecurity. You will have a chance to listen about tools, techniques, and even real-life case studies from the realm of satellite ethical hacking. After the talk, there will be a chance to ask our instructor some ques ..read more

Overview As we live in a digital era with rapid development of Application Programming Interfaces (API), safeguarding your application data is very important. Application Programming Interfaces have become an integral part of modern application development, facilitating seamless communication between different software components, platforms, and services. As APIs are increasingly used, they are equally targeted by cybercriminals and hence, it has become crucial to protect data. This article provides a comprehensive understanding about what is API penetration testing, types of testing, its key ..read more

Honeypot technology holds significant importance in today's technology-driven world, serving as a crucial tool for safeguarding networks and monitoring evolving threat trends. Frequently, it is employed to safeguard production systems by identifying and diverting unauthorized intrusion attempts. Indeed, a honeypot serves as an early warning system, proving highly valuable for the examination of attacker behavior, especially in cases of unfamiliar attacks. Thanks to its distinctive design and application capabilities, it can effectively mitigate the deficiencies of other established security me ..read more

Whether during a pentest or bug hunting activity, the first step is the reconnaissance phase, and subdomain enumeration emerges as one of the most crucial tasks. Identifying and enumerating subdomains is essential to understand an organization's attack surface or protect against potential threats. You can enhance and streamline subdomain enumeration using BBRF (Bug Bounty Reconnaissance Framework), a robust and versatile tool designed to simplify and improve the reconnaissance phase. In this article, we'll walk you through the installation steps and ways to use it.   Installation prerequi ..read more

Vulnerability assessment is one of the most important components of risk management, with a lot of enterprise tools provided to reach this target. One of the first questions is: can we have anything in the open source world that can provide us enterprise tool features? Tools designed to be open source exist, NERVE (my personal fork of NERVE project https://github.com/kavat/nerve already described in a previous topic :-)) and OpenVAS (https://github.com/greenbone/openvas-scanner, developed by Greenbone) are the two main alternatives. Both are based on NMAP (https://github.com/nmap/nmap) and pro ..read more

The Theory behind WiFi Jamming in the RF Spectrum You might have seen several WiFi jamming devices on Chinese sites such as Aliexpress, Wish, or Alibaba.  However, Signal Jammers are very different from WiFi deauthers, since the first one creates a lot of signal interference in the RF spectrum while the other one basically injects forged frames to disconnect the WiFi clients from the WiFi router or access Point. So what is a Jammer? Image 1: Example of Signal Jammers In a nutshell: A WiFi jammer is a device that creates a lot of random noise to prevent communication on a specific WiFi ba ..read more