SANS Penetration Testing: Category - Scanning

SANS Pen Test Cheat Sheet: Scapy

One of my favorite tools for fine-grained interactions with target systems during penetration testing is the mightyScapy. While other tools are indispensable for scanning large numbers of machines, Scapy is like a fine-grained scalpel for manipulating a single target in a myriad of cool ways. With all kinds of features, Scapy just rocks. In … Continue reading SANS Pen Test Cheat Sheet: Scapy


How Not to Fail at a Pen Test: Slides and Stream

Earlier this week, John Strand presented a fantastic webcast that was chock full of pen test tips. This post contains the slides as well as a link to the streaming slides and webcast audio. Here's the description of the talk: In this presentation, John and Ed will cover some key components that many penetration tests … Continue reading How Not to Fail at a Pen Test: Slides and Stream


Demanding MOAR From Your Vulnerability Assessments and Pen Tests - Slides and Link

A few weeks ago, I did a presentation on Demanding MOAR from Your Vulnerability Assessments & Pen Tests. I'd like to share the slides with you now. The presentation is full of tips, some easy and others more complex, for providing extra value in vuln assessment and pen test work. Here's the official description of … Continue reading Demanding MOAR From Your Vulnerability Assessments and Pen Tests - Slides and Link


Data, Data, Everywhere - What to do with Volumes of Nessus Output

[Editor's note: Here's a really nice article by Kevin Fiscus on a tool that'll help you analyze and manage a great deal of Nessus vulnerability scanner output. This is really helpful, cool stuff! Thanks, Kevin. -Ed.] By Kevin Fiscus Doing really good, high-value penetration testing is hard. You have to start with a solid, repeatable … Continue reading Data, Data, Everywhere - What to do with Volumes of Nessus Output


Network Pen Testing Tips, Tricks, Tools and Resources

[Editor's Note: For this year's SANS Pen Test Poster, we asked some of the best pen testers and instructors in the industry to share their wisdom in a series of tips, tricks, tools, and useful resources for various kinds of penetration tests. We got some great input on network pen testing, web app pen testing, … Continue reading Network Pen Testing Tips, Tricks, Tools and Resources