“Privilege Escalation” at Glance

Before discussing more about privilege escalation, first we must know what is ‘privilege’. Privilege is the level of authority given to user on a specific system or file. Or we can say that privilege is ‘what the user are permitted to do”. For example, a general user doesn’t have the privilege to change the sytem settings on a machine while the administrator have it. Continue Reading

“Vulnerability Assessment” at Glance

Hello Guys,
Lets talk about Vulnerability Assessment.

First, we must know what is Vulnerability. (you can go to this post)
Vulnerability is a weak point/spot of a system that can be attacked/exploited by someone through a series of method and technique to take over the control over the system. There are three types of vulnerability, Hardware Software and Human/Brainware. Continue Reading

“Vulnerability” at Glance

Wikipedia :
“In computer security, a vulnerability is a weakness which allows an attacker to reduce a system’s information assurance. Vulnerability is the intersection of three elements : a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw. To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness. In this frame, vulnerability is also known as the attack surface.” Continue Reading

Hacking Framework

Here’s the phases of hacking/ Hacking Framework :

1. Information Gathering
2. Service Enumeration
3. Vulnerability Assessment
4. Exploitation
5. Backdooring
6. Housekeeping
7. Rootkit/Maintain Access

Lets study these phase one by one. Continue Reading

PenTest at Glance

What is Pentest ??

PenTest is the acronym for Penetration Test,
Penetration Test itself is a method to evaluate the security of a computer or a network by simulating possible real attack performed by Black hackers or cracker.
So generally, Pentest is not a bad activity and have a good ethics. By simulating the attack performed by the black hackers, Pentester also try to attack the system using the ways that also will possibly used by the real black hackers or crackers. PenTest is more to the defensive purpose (because after attack the system and find the weak point of the system, pentester will inform the admin of the system to fix it).

Then, who is PenTester?? Continue Reading