SANS Penetration Testing

Python Cheat Sheet - pyWars (SEC573)

by: Mark Baggett Python skills are incredibly useful for all kinds of information security personnel, from pen testers to cyber defenders to forensics pros. With so many tools written in Python and so many Python libraries to work magic in just a few lines of code, I wrote a course (SANS SEC573) on how to … Continue reading Python Cheat Sheet - pyWars (SEC573)


SANS PowerShell Cheat Sheet from SEC560 Course

by Ed Skoudis PowerShell really is amazing, and comes in handy for all kinds of infosec tasks, from defense to analysis to offense. In my SANS Security 560 course, we cover PowerShell as a post-exploitation language, with all kinds of nifty tips and tricks for using it. When I teach the class, though, I notice … Continue reading SANS PowerShell Cheat Sheet from SEC560 Course


Scapy Cheat Sheet from SANS SEC560

One of my favorite tools for fine-grained interactions with target systems during penetration testing is the mightyScapy. While other tools are indispensable for scanning large numbers of machines, Scapy is like a fine-grained scalpel for manipulating a single target in a myriad of cool ways. With all kinds of features, Scapy just rocks. In … Continue reading Scapy Cheat Sheet from SANS SEC560


Mobile Device Security Checklist

By Lee Neely & Joshua Wright We often get asked for things we can do to help users keep their mobile devices secure. Here's a quick list of some simple things you can do to ensure that your mobile devices are running with at leastsomesecurity. All of these steps are free and raise the bar … Continue reading Mobile Device Security Checklist


Pen Testing Node.js: Staying N Sync Can Make the Server Go Bye Bye Bye

By Tim Medin I recently came across a node.js server in a pen test. If you aren't familiar with node.js, Wikipedia describes it as "...an open-source, cross-platform runtime environment for developing server-side web applications. Node.js applications are written in JavaScript and can be run within the Node.js runtime on a wide variety of platforms." For … Continue reading Pen Testing Node.js: Staying N Sync Can Make the Server Go Bye Bye Bye