SANS Penetration Testing: Author - eskoudis

EXTRA EXTRA! The New SANS Pen Test Poster

Extra! Extra! Read all about it! This week, many of you will be receiving our brand-spankin' new SANS Pen Test Poster in the mail. Please be on the lookout, because it's got some really cool stuff on attack surfaces, tools, and techniques. It's included in the mailing with the SANS Security West brochure. The poster …


2014 SANS Holiday Hack Winners and Official Answers

[Editor's Note: Every year for eleven seasons now, SANS creates a Holiday Hack challenge for you to build your skills with real-world infosec tools and techniques, all the while having some good holiday-inspired fun, for everyone to participate in, no charge at all. If you haven't checked out our most recent SANS Holiday Hack Challenge, …


How Pen Testers Can Deal with Changes to Android SD Card Permissions

By Lee Neely & Chris Crowley

Recent updates to the Android OS have changed the permission model for external storage, and these changes will likely impact the way pen testers assess the actions and corresponding risks associated with applications, both malicious and benign, particularly when analyzing how they interact with external storage. Consider this scenario: …


PHP Weak Typing Woes — With Some Pontification about Code and Pen Testing

By Josh Wright

The other day I was reading Jos Wetzels' post on the Full Disclosure mailing list regarding a vulnerability in the open source social networking kit HumHub. One of the issues he pointed out was a PHP 'type juggling' attack where an attacker can force a password reset against HumHub for a user …


Awkward Binary File Transfers with Cut and Paste

[Editor's note: Josh Wright spins up another useful blog article about different ways to move files to and from Linux systems. Lots of nice little tricks in this one. Thanks, Josh! -Ed.]

By Josh Wright

Sometimes I find myself with access to a remote Linux or Unix box, with limited opportunity to transfer files to …