SANS Penetration Testing: Category - Reporting

How Not to Fail at a Pen Test: Slides and Stream

Earlier this week, John Strand presented a fantastic webcast that was chock full of pen test tips. This post contains the slides as well as a link to the streaming slides and webcast audio. Here's the description of the talk: In this presentation, John and Ed will cover some key components that many penetration tests …


Demanding MOAR From Your Vulnerability Assessments and Pen Tests - Slides and Link

A few weeks ago, I did a presentation on Demanding MOAR from Your Vulnerability Assessments & Pen Tests. I'd like to share the slides with you now. The presentation is full of tips, some easy and others more complex, for providing extra value in vuln assessment and pen test work. Here's the official description of …


Dealing with the Many Stages of Pen Test Result Grief - Part 2

By Ed Skoudis

In this series of articles, we're looking at some of the grief that penetration testers often encounter when they deliver their results and recommendations. Our premise? You, a great pen tester, work your tail off to conduct a wonderful, high-value, technically awesome pen test. The result? Target system personnel vomit all over …


Data, Data, Everywhere - What to do with Volumes of Nessus Output

[Editor's note: Here's a really nice article by Kevin Fiscus on a tool that'll help you analyze and manage a great deal of Nessus vulnerability scanner output. This is really helpful, cool stuff! Thanks, Kevin. -Ed.]

By Kevin Fiscus

Doing really good, high-value penetration testing is hard. You have to start with a solid, repeatable …