Enhancing Web Application Security with Burp Suite Community: A Comprehensive Guide

2023-05-292023-05-26 ~ Tom's IT Cafe ~ 1 Comment

Web application security is of paramount importance in today’s digital landscape. Organizations need robust tools to identify vulnerabilities and safeguard their applications against potential threats. One such powerful solution is Burp Suite Community—a comprehensive web application security testing tool developed by PortSwigger.

In this blog post, we will explore the installation process and highlight the key features that make Burp Suite Community an invaluable asset for security professionals and penetration testers.

Continue reading →

How to brute force and crack SSH passwords with Hydra? Ethical Hacking in real practice!

2023-01-182023-04-28 ~ Tom's IT Cafe ~ 2 Comments

In this presentation we will crack the password of a general Linux user via SSH in our personal lab. The machine from which we start the attack is a Kali Linux box, and the attacked machine is an ordinary Debian Linux on which a user set a weak password. Unfortunately the security settings are weak on the target host, so we have a great chance for success. We already know the name of the user.

Important note: cracking passwords in the wild is illegal! Do NOT do it out of the lab, unless you are a penetration tester with a signed contract!

Continue reading →

How to install a Debian Linux Penetration Testing machine?

2023-01-07 ~ Tom's IT Cafe ~ Leave a comment

There are excellent Linux distributions for Cyber Security professionals like Kali. They ship all the the bells and whistles that is needed for the tasks. If we want to learn how to put together our own Penetration Testing system we can use a fresh Debian Linux box. I created a small setup from the NetInstall iso starting from the defaults.

Continue reading →

M	T	W	T	F	S	S
1	2	3	4	5	6	7
8	9	10	11	12	13	14
15	16	17	18	19	20	21
22	23	24	25	26	27	28
29	30	31