7MS #264: Hacking Wordpress
7 Minute Security29 Kesä 2017

7MS #264: Hacking Wordpress

I was pleasantly surprised to see a Wordpress site fall into a pentest scope this past week. One helpful tool to get familiar with when attacking Wordpress sites is wpscan, which is built right into Kali - or you can grab it from GitHub. Get familiar with the command line flags as they can help you conduct a more gentle scan that recovers from site errors/disconnections more easily. Specifically, read up on these options:

  • --throttle - for example, I've been using --throttle 1000 in order to be a bit less intense on my target site

  • --request-timeout and --connect-timeout help your scan recover smoothly from site errors/timeouts

Also, if you find yourself in a situation where you're testing a production Wordpress sight (not recommended), consider setting up a free up/downtime alert via a free service like Uptime Robot so you can get emails if the site ever poops out. That certainly beats hitting F5 in Firefox every 10 seconds :-)

Jaksot(710)

7MS #557: Better Passive Network Visibility Using Teleseer

7MS #557: Better Passive Network Visibility Using Teleseer

Today we're talking about Teleseer, which is an awesome service to give you better network visibility - whether you're on the blue, red or purple team! It all starts with a simple packet capture, and ...

27 Tammi 20237min

7MS #556: How to Build a Vulnerable Pentest Lab

7MS #556: How to Build a Vulnerable Pentest Lab

Today's episode is brought to us by our friends at Blumira! Today we kick off a series all about building your own vulnerable pentest lab from scratch, specifically: Spinning up a domain controller ...

20 Tammi 20237min

7MS #555: Light Pentest eBook 1.1 Release

7MS #555: Light Pentest eBook 1.1 Release

Today we're releasing version 1.1 of our Light Pentest eBook. Changes discussed in today's episode (and shown live in the accompanying YouTube video) include: Some typos and bug fixes A new section o...

13 Tammi 20237min

7MS #554: Simple Ways to Test Your SIEM

7MS #554: Simple Ways to Test Your SIEM

Today we talk about Simple Ways to Test Your SIEM. Feel free to check out the YouTube version of this presentation, as well as our interview with Matt from Blumira for even more context, but here are ...

6 Tammi 202359min

7MS #553: The Artificial Intelligence Throat Burn Episode

7MS #553: The Artificial Intelligence Throat Burn Episode

Hey friends, today's episode is hosted by an AI from Murf.ai because I suffered a throat injury over the holidays and spent Christmas morning in the emergency room! TLDL: I'm fine, but if you want the...

30 Joulu 20225min

7MS #552: Tales of Pentest Pwnage - Part 45

7MS #552: Tales of Pentest Pwnage - Part 45

SafePass.me is the only enterprise solution to protect organizations against credential stuffing and password spraying attacks. Visit safepass.me for more details, and tell them 7 Minute Security sent...

24 Joulu 202257min

7MS #551: Interview with Matt Warner of Blumira

7MS #551: Interview with Matt Warner of Blumira

Today we welcome our pal Matthew Warner (CTO and co-founder of Blumira) back to the show for a third time (his first appearance was #507 and second was #529). I complained to Matt about how so many SI...

16 Joulu 20221h 10min

7MS #550: Tales of Pentest Fail - Part 5

7MS #550: Tales of Pentest Fail - Part 5

This podcast is sponsored by Arctic Wolf, whose Concierge Security teams Monitor, Detect and Respond to Cyber threats 24/7 for thousands of customers around the world. Arctic Wolf. Redefining cybersec...

9 Joulu 202252min

Suosittua kategoriassa Politiikka ja uutiset

aikalisa
ootsa-kuullut-tasta-2
rss-ootsa-kuullut-tasta
tervo-halme
politiikan-puskaradio
rss-podme-livebox
et-sa-noin-voi-sanoo-esittaa
viisupodi
otetaan-yhdet
rss-vaalirankkurit-podcast
rss-asiastudio
the-ulkopolitist
radio-antro
io-techin-tekniikkapodcast
linda-maria
rss-mina-ukkola
rss-kaikki-uusiksi
rikosmyytit
rss-kiina-ilmiot
rss-tasta-on-kyse-ivan-puopolo-verkkouutiset