SANS Penetration Testing

Scapy Cheat Sheet from SANS SEC560

One of my favorite tools for fine-grained interactions with target systems during penetration testing is the mighty Scapy. While other tools are indispensable for scanning large numbers of machines, Scapy is like a fine-grained scalpel for manipulating a single target in a myriad of cool ways. With all kinds of features, Scapy just rocks. In …


Mobile Device Security Checklist

By Lee Neely & Joshua Wright We often get asked for things we can do to help users keep their mobile devices secure. Here's a quick list of some simple things you can do to ensure that your mobile devices are running with at least some security. All of these steps are free and raise the bar …


Pen Testing Node.js: Staying N Sync Can Make the Server Go Bye Bye Bye

By Tim Medin I recently came across a node.js server in a pen test. If you aren't familiar with node.js, Wikipedia describes it as "...an open-source, cross-platform runtime environment for developing server-side web applications. Node.js applications are written in JavaScript and can be run within the Node.js runtime on a wide variety of platforms." For …


Getting the Most Out of Shodan Searches

By Joshua Wright and Jeff McJunkin Shodan is a search engine that takes a distinct departure from most Internet search engines. Instead of searching through content intentionally served up and delivered to web browsers, Shodan allows us to search for Internet-connected devices. Created by John Matherly, Shodan uses distributed scanners throughout the world to randomly …


NoSQL? No Problem! Pillaging MongoDB for Fun and Profit

By Josh Wright Database technology continues to evolve to meet different application needs. One example of this is the adoption of NoSQL databases used by many different modern web applications. NoSQL databases depart from the traditional table-based storage mechanisms widely known and loved (mildly appreciated?), and instead store simple key-value data pairs, JSON documents, graph …