URPF (Unicast Reverse Path Forwarding) is a feature used to combat IP spoofing in network and security devices. URPF checks whether the packet comes from the appropriate interface by comparing the source IP address of the packet with the routing table. URPF is valid for systems protected by a security/network device, not for packets coming from the Internet.When performing DDoS tests, a network/security device at the exit of the tested network may usually block the generated fake IP packets due to URPF (or a similar feature).

Cookies/session are web application components that are needed during the development phase of the server side of web applications for reasons such as distinguishing and authorizing the users who visit it, keeping the current session for a certain period of time, carrying various information or managing the session. Cookie and session are web application expressions that are used for similar purposes but have some fundamental differences. In terms of security, session usage is generally preferred.

There are many tools (medusa, hydra, bruter, metasploit aux modular, etc.) to be used for brute force attacks, which are constantly needed in penetration tests. In this article, we will show you how to use Medusa and how we can try the desired user accounts through different services. For example, by reading the requested usernames and passwords from the file, performing bruteforce on the HTTP service (TCP/80) (trying the username as empty and the username as password (-e ns)), writing the successful findings to the result.txt file

If you have a single available IP address and want to use more than one application using the same port on this IP address, using software that can distinguish packets based on protocol header information on a single port will solve the problem. SSHL is a software developed for this purpose. SSHL listens to a port you specify and examines the connection requests coming to this port, determines which protocol the request belongs to, and then directs the connection to the relevant service.

The HashTag.py tool, which will be used to determine the type of password hashes obtained in penetration tests, is a tool written in Python that separates and identifies different password hash values ​​according to their type. It supports hash value of 250 and above. In addition to reading hash values ​​directly, HashTag can also read hash values ​​from the file.

PCI/DSS (Payment Control Industries/Data Security Standard); In order to ensure data security in card payment systems, internationally accepted payment brands American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc. It was developed by the PCI Committee formed by international institutions.