North Green Security
Blog
Keep up to date with the latest developments from North Green Security. Here we will discuss our views on developments within the cyber security industry, new vulnerabilities and attacks, skills development, and career progression.
Latest News
Exploiting NFS: understanding misconfigurations and attack vectors
Any system that is used to share files across a network can be incredibly valuable to a penetration tester. From finding usernames and passwords, to identifying configuration files that give insight into device configuration, file sharing protocols are potential...
Pivoting with SSH tunnels
During a penetration test, it is possible to come across networks that you know exist but just can't reach directly. When that happens, testers need a way to pivot into these networks and keep the assessment moving. In these situations, it is important to be...
Attacking DNS for pentesters
When someone types a website address into their browser, they probably don’t think about what happens in the background. But for a pentester, understanding that process is key. DNS (Domain Name System) is what makes the internet usable. Instead of remembering IP...
Improve your pentesting skills – our intentionally insecure web app
We’re excited to share our new vulnerable web app – a brand-new resource for anyone looking to learn the art of ethical hacking and penetration testing. Our new super secure site is anything but! Instead, this hands-on, self-hosted vulnerable web app, has been...
What is SQL injection
Let’s break down what SQL injection is, how attackers use it to access data, and why it’s still a major issue, despite being one of the oldest vulnerabilities around. First things first, what is SQL injection? At its simplest, SQL injection is a way for attackers to...
How to use Nmap: a guide and cheat sheet
Nmap is one of the best network mapping tools out there. This guide will explain how to use Nmap to identify machines and services available in a network. What is Nmap? Nmap is a free and open-source tool that can be used by network and system administrators and...
An Introduction to Linux for Penetration Testers
Learn the basics of Linux with North Green. This free, beginner-friendly, video-based course introduces essential commands, tools, and tips to help you navigate, manage systems, and effectively use Linux. Practical experience is key to mastering Linux, and we’ve got...
Setting up your own testing lab environment
A HOW TO GUIDE Introduction Welcome to your journey into building a lab environment with VirtualBox! Whether you are an aspiring penetration tester or just someone passionate about cybersecurity, having a safe and controlled environment to practice and experiment is...
How to Start Your Career In Penetration Testing
A HOW TO GUIDE If you want a career in penetration testing but don’t know where to start, this e-book will take you through what you need to know, with plenty of advice and tips throughout. Introduction Let's be honest. The cyber security industry is a mystery to most...
Crack more passwords with custom wordlists
Password cracking is an essential skill for penetration testers. Whether it is being used to crack a hash you’ve got from using responder, gain a first foothold on a device, or attempting to compromise accounts for lateral movement through a network, it is an...
What are JWTs – and how to ‘hack’ them
JSON Web Tokens – or JWTs – are a common method of providing authentication and authorisation to a web application. While they may seem complex, it is possible to look closely and break down the structure of these three-part tokens, to understand the different...
An A-Z of pentesting terms and abbreviations – Part 2
In this blog post, we continue our A-Z glossary of common pentesting abbreviations, acronyms and terms, from N-Z. Get ready for the likes of OSINT, RFI, YubiKeys and more. And don’t forget, you can catch up on any terms you missed in part one (A-M) here. N – Nmap One...
How to identify and exploit XSS vulnerabilities
What is Cross-site scripting (XSS)? Cross-site scripting (XSS) is a web security vulnerability in which an attacker is able to inject malicious scripts into vulnerable sites and compromise the interaction between the user and the site. Cross-site scripting is what we...
An A-Z of pentesting terms and abbreviations – Part 1
The tech industry is synonymous with abbreviations, and cyber security is no different. TLAs (three letter abbreviations), acronyms, other abbreviations and unfamiliar names or terms are the norm. As a result, in this blog we have collated an A-Z glossary for the...
Training, mentoring and the illusion of short-term mentorship
Cyber security is an interesting, fast moving and in demand industry. On the one hand, we are constantly being told there are not enough professionals to fill the need. Yet without clear pathways, it can be challenging to find roles at the beginning of your journey...
Vulnerability Scanning and Penetration Testing
“What is the difference between a vulnerability scan and a penetration test?” It’s something we are often asked by clients who are considering their security and starting to look at ways to protect themselves and their businesses. Vulnerability scans and penetration...
Why learning from practicing pentesters is the key to success
Cyber security moves fast. Threats evolve at an incredible pace and pentesting techniques change and develop along with them. That’s why your choice of pentesting training provider is an important decision. At North Green Security, we recognise the importance of...
What is Cyber Essentials?
If you are starting to look at cyber protection for your business, then the UK Government backed Cyber Essentials scheme is a great place to start. In fact, these are excellent standards to consider, wherever you are on your journey – at North Green, we go through...
What you need to know about ransomware
The consequences of a ransomware attack can be utterly devastating. The mere thought of a business losing access to its computers, its networks and its data is a nightmare scenario for many – and this fear became a harsh reality for the UK logistics firm KNP Logistics...
Can you spot a phish?
Roughly 8.3 billion emails are sent each day in the UK and nearly half of them are spam or phishing emails. That’s a whole lot of rogue and potentially malicious emails – and a pretty frightening number too! We all know that spam is generally unwanted or irrelevant...
Be part of our community by doing the following:
Join our
mailing list
Join our
Discord channel
Follow us on
Twitter
Follow us on
LinkedIn
