[Editor's Note: Here is the fifth in our series of penetrating testing tips drawn from the UltimateSANS Pen Test Poster. This time, our focus is on specific recommendations from Kevin Johnson about web app pen test tips, tools, resources, and other recommendations. Really helpful stuff. Thanks, Kevin!
[Editor's note: In this blog post, Raul Siles goes in-depth exploring how to attack a vulnerability in the way Android device lock works. Although a patch was released last week for this flaw, the slow (or nonexistent) update cycle for many users means this attack mechanism will be valid for quite some time to come. The best part of Raul's write-up is his use of both static and dynamic analysis techniques and a variety of tools to tease apart the flaw. Raul ends by showing how you can test that the newly released fixes for Android block exploitation of the flaw. Nice stuff! --Ed.]
By Raul Siles
Shameless plug: I will be teaching the 6-day SANS SEC 575: Mobile Device Security and Ethical Hacking course in Abu Dhabi, UAE (Apr 26, 2014 - May 1, 2014) and...
[Editor's Note: We're continuing our series on useful tips and tricks for different kinds of pen testing, based on the SANS Pen Test Poster. In this installment, Mr. Larry "Hax0r the Matrix" Pesce covers some great tips, ideas, and resources for wireless penetration tests. Great stuff!
Earlier in this series, we covered:
By Josh Wright
[In this third installation of tips originally included in the Ultimate SANS Pen Test Poster, we'll turn to Josh Wright's tips for mobile device penetration testing. Josh shares some really useful insights here, as well as recommendations for tools (software and hardware) and resources for keeping current. Nice stuff!
[Here's the second part of our series of Pen Test Tips that were featured on the Ultimate SANS Pen Test Poster. Last week, we featured some network Pen Test Tips by John Strand. This time around, Mr. Steve Sims shares some useful insights and resources on exploit development. --Ed.]
By Steve Sims
- Recon — When fuzzing applications and kernels for potential vulnerabilities, monitoring is key in successfully identifying what caused a crash to occur. Failure to properly set up monitoring may render an otherwise exploitable condition to go unnoticed.
- Scanning — When bug hunting, fuzzing is one of your best friends. It is critical to spend the upfront