GOAD_Provisioning_ActiveDirectory

Today we will talk about GOAD, from its creators:

GOAD is a pentest active directory LAB project. The purpose of this lab is to give pentesters a vulnerable Active directory environment ready to use to practice usual attack techniques.

This lab is extremely vulnerable, do not reuse recipe to build your environment and do not deploy this environment on internet without isolation (this is a recommendation, use it as your own risk). This repository was build for pentest practice.

Continue reading

Using Burp with Containers In Docker

Making Docker Containers Trust Burp Suite’s CA for Testing

When testing applications running inside Docker containers, intercepting traffic with Burp Suite can be challenging because containers don’t automatically trust Burp’s CA certificate. Without trust, HTTPS requests from inside the container will fail with certificate errors.

In this post, I’ll show you how to:

1. Add Burp Suite’s CA to your host system
2. Pass the trusted CA to Docker containers
3. Ensure seamless HTTPS traffic interception for testing

Let’s get started!

Preparation and Review of eMAPT (INE security FKA eLearnSecurity Mobile Application Penetration Tester

I started thinking about Mobile pentesting sometime back. Finally in Feb/2024, I paid for the yearly subscription for INE and added eMAPT to my cart. If you dont know about eMAPT cert, then head over to eMAPT certification. And as per their home page

The Mobile Application Penetration Tester (eMAPT) certification is issued to cyber security experts that display advanced mobile application security knowledge through a scenario-based exam.

And on Apr/05/2024, I got My Certificate.