Search Results

The Open Source Security Testing Methodology Manual provides a detailed framework of testing strategies for systems, software, applications, communications and the human aspect of cybersecurity. The methodology focuses primarily on how these systems, applicat...

The "Open Web Application Security Project" framework is a community-driven and frequently updated framework used solely to test the security of web applications and services. The foundation regularly writes reports stating the top ten security vulnerabilit...

The NIST Cybersecurity Framework is a popular framework used to improve an organisations cybersecurity standards and manage the risk of cyber threats. This framework is a bit of an honourable mention because of its popularity and detail. The framework provi...

The Cyber Assessment Framework (CAF) is an extensive framework of fourteen principles used to assess the risk of various cyber threats and an organisation's defences against these. The framework applies to organisations considered to perform "vitally import...

The ROE is a document that is created at the initial stages of a penetration testing engagement. This document consists of three main sections (explained in the table below), which are ultimately responsible for deciding how the engagement is carried out. Th...

Hat Category Description Example White Hat These hackers are considered the "good people". They remain within the law and use their skills to benefit others. For example, a penetration tester performing an authorised engagement on a company. ...

Black-Box Testing This testing process is a high-level process where the tester is not given any information about the inner workings of the application or service. The tester acts as a regular user testing the functionality and interaction of the applicatio...

The CIA triad is an information security model that is used in consideration throughout creating a security policy. This model has an extensive background, ranging from being used in 1998. This history is because the security of information (information secur...

It is vital to administrate and correctly define the various levels of access to an information technology system individuals require.  The levels of access given to individuals are determined on two primary factors: The individual's role/function within t...

Before discussing security models further, let's recall the three elements of the CIA triad: Confidentiality, Integrity and Availability. We've previously outlined what these elements are and their importance. However, there is a formal way of achieving this. ...

Threat modelling is the process of reviewing, improving, and testing the security protocols in place in an organisation's information technology infrastructure and services. A critical stage of the threat modelling process is identifying likely threats that a...

Penetration tests can have a wide variety of objectives and targets within scope. Because of this, no penetration test is the same, and there are no one-case fits all as to how a penetration tester should approach it.  The steps a penetration tester takes dur...

SecLists: Lists with Usernames, Passwords, Patterns

PayloadsAllTheThings: Misc payloads and bypasses

https://pwnagotchi.ai/ Raspi w. Battery and display AI WiFi Pwning

https://flipperzero.one/ Buy here (165€) Universal Swiss Army Knife (BLE, NFC, IR, RF, GPIO, ...)

https://proxmark.com/ NFC Multitool