We're delighted to announce a new Twitter-based contest here with a fantastic prize. And, participating in this one is really easy. Check it out! SANS Pen Test HackFest Summit & Training is coming back for another year of exciting hands-on learning opportunities in Crystal City, VA, November 2-9! We throw everything we've got into … Continue reading SANS HackFest Twitter Contest!
[Editor's Note: Chris Dale is an amazing gentleman. He finds Cross-Site Scripting (XSS) flaws in the most interesting and wonderful places. In this article, Chris shares some insights into his methods and how he applied them in finding a zero-day XSS flaw associated with Microsoft Azure. Good reading! -Ed.] By Chris Dale Earlier in 2016, I … Continue reading Azure 0day Cross-Site Scripting with Sandbox Escape
How the latest update to iOS 10 will dramatically improve Android security At the Apple WWDC conference in June, Ivan Krstic, Apple Head of Security Engineering & Architecture, made a bold declaration: "At the end of 2016, Apple will make ATS mandatory for all developers who hope to submit their apps to the App Store." … Continue reading iOS 10 is Apple's Gift to Android Users
by: Mark Baggett Python skills are incredibly useful for all kinds of information security personnel, from pen testers to cyber defenders to forensics pros. With so many tools written in Python and so many Python libraries to work magic in just a few lines of code, I wrote a course (SANS SEC573) on how to … Continue reading Python Cheat Sheet - pyWars (SEC573)
by Ed Skoudis PowerShell really is amazing, and comes in handy for all kinds of infosec tasks, from defense to analysis to offense. In my SANS Security 560 course, we cover PowerShell as a post-exploitation language, with all kinds of nifty tips and tricks for using it. When I teach the class, though, I notice … Continue reading SANS PowerShell Cheat Sheet from SEC560 Course