Tutorials

Tutorials

• Update Kali Linux to the latest software repository key

  Kali Linux users might encounter errors when they update or download new software, exposing systems to security threats. A new repository key will eliminate those problems.  Continue Reading

• Kali vs. ParrotOS: Security-focused Linux distros compared

  Network security doesn't always require expensive software. Two Linux distributions -- Kali Linux and ParrotOS -- can help enterprises fill in their security gaps.  Continue Reading

• Hydra password-cracking tool: How to download and use it for good

  Ethical hackers, need help brute forcing passwords? Learn how to download and use the open source Hydra password-cracking tool with this step-by-step tutorial and companion video.  Continue Reading

• How to use arpwatch to monitor network changes

  The arpwatch utility flags administrators in the event of any unexpected changes or unauthorized devices, which could signal ARP spoofing or credential-harvesting attacks.  Continue Reading

• How to create custom sudo configuration files in /etc/sudoers

  Sudo offers administrators a lot of flexibility. Creating custom sudo configurations can go a long way toward easing management and service upgrade challenges.  Continue Reading

• Using shred and dd commands in Linux to securely wipe data

  When it's time to get rid of old systems or when moving one system from one location to another, it's a good idea to use Linux utilities to securely delete existing data.  Continue Reading

• How to use pfSense: Use cases and initial configurations

  Open source firewall and routing software pfSense offers a compelling mix of capabilities that can work for organizations large and small.  Continue Reading

• How to test firewall rules with Nmap

  Using Nmap to identify potential shortfalls in the rules used to govern firewall performance gives teams an easy and cost-effective way to plug holes in their security frameworks.  Continue Reading

• How to build a Python port scanner

  Python offers beginning coders a lot of flexibility and is a novel way to build tools designed to probe port performance across your network.  Continue Reading

• How to conduct firewall testing and analyze test results

  A misconfigured firewall can wreak havoc throughout your organization. Firewall testing to ensure rules are written correctly and that any changes are validated is critical.  Continue Reading

• How to use tcpreplay to replay network packet files

  The suite of tools that comprise tcpreplay offers administrators a variety of network security options. Learn some of the benefits of this free utility.  Continue Reading

• How to use Tor -- and whether you should -- in your enterprise

  The Tor browser has sparked discussion and dissension since its debut. Does the software, which promises anonymous and secure web access, have a role to play in the enterprise?  Continue Reading

• How to use PuTTY for SSH key-based authentication

  This tutorial on the open source PuTTY SSH client covers how to install it, its basic use and step-by-step instructions for configuring key-based authentication.  Continue Reading

• Intro: How to use BlackArch Linux for pen testing

  BlackArch Linux offers a lot of pen testing and security benefits, but it requires knowledgeable and independent professionals who can put the distribution to work.  Continue Reading

• How to use Pwnbox, the cloud-based VM for security testing

  Pwnbox offers users the chance to hone their skills about security concepts and tools without having to build a costly lab environment.  Continue Reading

• How to use Social-Engineer Toolkit

  Testing system components for vulnerabilities is just one part of the network security equation. What's the best way to measure users' resilience to social engineering threats?  Continue Reading

• How to configure sudo privilege and access control settings

  Learn how to use the sudo command for access control configurations, from granting full administrative privileges to delegating roles.  Continue Reading

• Use sudo insults to add spice to incorrect password attempts

  The life of an admin doesn't have to be dry. When a user enters a wrong password, for example, why not respond with a message that says, 'You're fired!' With sudo insults, you can.  Continue Reading

• Fuzzy about fuzz testing? This fuzzing tutorial will help

  Organizations are searching for ways to automate and improve their application security processes. Fuzz testing is one way to fill in some of the gaps.  Continue Reading

• How to use a jump server to link security zones

  Jump servers are a perfect example of less is more. By using these slimmed-down boxes, administrators can connect to multiple resources securely.  Continue Reading

• How to use SDelete to ensure deleted data is gone for good

  When data is deleted from a disk, is it gone? One way to make sure file info is permanently erased is to use SDelete, a utility specifically tailored to remove key data.  Continue Reading

• How to disable removable media access with Group Policy

  Removable media can pose serious security problems. But there is a way to control who has access to optical disks and USB drives through Windows' Active Directory.  Continue Reading

• How to use the John the Ripper password cracker

  Password crackers are essential tools in any pen tester's toolbox. This step-by-step tutorial explains how to use John the Ripper, an open source offline password-cracking tool.  Continue Reading

• How to create fine-grained password policy in AD

  Fine-grained password policies are a simple and effective way of ensuring password settings meet business requirements.  Continue Reading

• How to enable Active Directory fine-grained password policies

  Specifying multiple password policies customized to specific account types adds another layer to an organization's security posture. Using PSOs instead of Group Policy can help.  Continue Reading

• How to use BeEF, the Browser Exploitation Framework

  The open source BeEF pen testing tool can be used by red and blue teams alike to hook web browsers and use them as beachheads to launch further attacks.  Continue Reading

• How to use Wireshark OUI lookup for network security

  Wireshark OUI lookup helps cyber defenders, pen testers and red teams identify and target network endpoints -- and it can be accessed from any browser.  Continue Reading

• How to create and add an SPF record for email authentication

  Learn how to create Sender Policy Framework records to list authenticated mail servers for an email domain to fight spam, phishing, email forgery and other malicious email.  Continue Reading

• How to use SSH tunnels to cross network boundaries

  The Secure Shell protocol authenticates and encrypts network connections. Find out how it's used to build tunnels while crossing private networks and even firewalls.  Continue Reading

• Use ssh-keygen to create SSH key pairs and more

  Learn how to use ssh-keygen to create new key pairs, copy host keys, use a single login key pair for multiple hosts, retrieve key fingerprints and more in this tutorial.  Continue Reading

• Mimikatz tutorial: How it hacks Windows passwords, credentials

  In this Mimikatz tutorial, learn about the password and credential dumping program, where you can acquire it and how easy it makes it to compromise system passwords.  Continue Reading