SANS Penetration Testing

Azure 0day Cross-Site Scripting with Sandbox Escape

[Editor's Note: Chris Dale is an amazing gentleman. He finds Cross-Site Scripting (XSS) flaws in the most interesting and wonderful places. In this article, Chrisshares some insights into his methods and how he applied them in finding a zero-day XSS flaw associated with Microsoft Asure. Good reading! -Ed.] By Chris Dale Earlier in 2016, I … Continue reading Azure 0day Cross-Site Scripting with Sandbox Escape


iOS 10 is Apple's Gift to Android Users

How the latest update to iOS 10 will dramatically improve Android security At the Apple WWDC conference in June, Ivan Krstic, Apple Head of Security Engineering & Architecture, made a bold declaration: "At the end of 2016, Apple will make ATS mandatory for all developers who hope to submit their apps to the App Store." … Continue reading iOS 10 is Apple's Gift to Android Users


Python Cheat Sheet - pyWars (SEC573)

by: Mark Baggett Python skills are incredibly useful for all kinds of information security personnel, from pen testers to cyber defenders to forensics pros. With so many tools written in Python and so many Python libraries to work magic in just a few lines of code, I wrote a course (SANS SEC573) on how to … Continue reading Python Cheat Sheet - pyWars (SEC573)


SANS PowerShell Cheat Sheet from SEC560 Course

by Ed Skoudis PowerShell really is amazing, and comes in handy for all kinds of infosec tasks, from defense to analysis to offense. In my SANS Security 560 course, we cover PowerShell as a post-exploitation language, with all kinds of nifty tips and tricks for using it. When I teach the class, though, I notice … Continue reading SANS PowerShell Cheat Sheet from SEC560 Course


Scapy Cheat Sheet from SANS SEC560

One of my favorite tools for fine-grained interactions with target systems during penetration testing is the mightyScapy. While other tools are indispensable for scanning large numbers of machines, Scapy is like a fine-grained scalpel for manipulating a single target in a myriad of cool ways. With all kinds of features, Scapy just rocks. In … Continue reading Scapy Cheat Sheet from SANS SEC560