Blog: SANS Penetration Testing: Category - Challenges

Blog: SANS Penetration Testing:

Announcing the Awesome New SANS Brochure Challenge

Here's some fun news. SANS just released a new kind of challenge — one that unfolds from the pages of a SANS brochure itself. Created by Jeff McJunkin and a group of challenge-writing collaborators, we launched it this week with the mailing of the SANS Network Security brochure for the upcoming conference in Las Vegas in October 2014. This challenge will take you across many domains of knowledge, including (but not limited to!): infosec fundamentals, pen testing, digital forensics, steganography, social media, mobile devices, and much, much more, all wrapped up in some geeky fun!

You'll enjoy all these areas and more from the comfort of your brochure (paper or pdf) and local computer, along with everyone's favorite global network, the Internet itself. You'll be able to advance all the way through this challenge from anywhere in the world. If

...

Winner and Official Answer to Easter Challenge

[Hello, Challenge fans! Last Friday, we posted a nifty holiday-themed crypto & stego challenge by Chris Andre Dale. We offer a special thanks to Chris for creating the challenge and for letting us host it. A whole bunch of people managed to work their way through the challenge and solve it. But, there were two answers that were particularly noteworthy, and will receive two T-shirts each: a NetWars T-Shirt plus our SANS Pen Test Curriculum T-shirt.

Our first-place winner, who had the entire correct answer in the shortest time, was Matt Giannetto! He provided some great code to decipher the message and save the bunny, winningthe two T-shirts. Additionally, we'll provide a bonus prize (of the two T-shirts) for oneof the

...

Easter Challenge - The Mystery of the Missing Easter Bunny

By Chris Andre Dale

The Easter Bunny has been kidnapped, and YOU have to save him! Quickly collect yourself and help save him. Put on your detective hat and start investigating the clues provided.

We managed to intercept a message from the kidnappers. Unfortunately it seems to be scrambled in some way. We also managed to intercept a ciphered message from one of the criminals and the cipher text below. The cipher text was once considered unbreakable, however newer techniques of cryptoanalysis have proven how to beat it. Listen to the intercepted message from the kidnappers, or attack the cipher message. Your choice.

The intercepted message can be played back here:

...

Winners of the SANS Spectacular Pen Test Video Contest

Ladies and gentlemen, boys and girls, friends, Romans, and countryman,

I'm delighted to announce the winners to our SANS Spectacular Pen Test Video Contest. Back in January and February, we asked folks to channel their creativity to share some great tips, insights, techniques, and inspiration with other penetration testers. You can read the contest description here.

We got some FANTASTIC entries, and we'd like to thank all who participated. Entries included numerous great technical tips, interesting "acting", noble attempts at humor, and even one Rick Roll, naturally.

So, without further ado (thanks, Ted, for your gracious input), let's announce the winners (click on each picture to see the video). We'll announce the victors in our four categories first, and then select from among them for the GRAND prize winner.

First up, our

...

Mission Impossible? Thwarting Cheating in an Advanced Pen Test Class CtF: The SANS SEC660 Experience

[Editor's Note: SANS course on advanced pen testing (SEC660) teaches a lot of great, in-depth topics, including exploit development, network manipulation (NAC bypass, Scapy packet crafting, man-in-the-middle attacks, and more), and Python for pen testers with tons of hands-on exercises. The whole class culminates in a full-day, intense capture the flag event, where the winners earn a 660 challenge coin (which includes a cool cipher, natch).

But, when you teach a bunch of skills like that and hold a CtF on the last day, sometimes, a few students get a little too rambunctious in applying their new-found skills. At the risk of being indelicate, I'll come out and say it -- they try to cheat. By using their Python skills along with their MiTM capabilities, they try to snarf flags from other teams

...