SANS Penetration Testing

Pen Test Poster: "White Board" - Bash - Useful IPv6 Pivot

By Matthew Toussain, Grant Curell Introduction As a guy coming from network engineering, it is really exciting to see IPv6 adoption finally starting to pick up. According to Akamai, Belgium is leading the charge at a whopping 50.3% adoption rate, but the US is picking up steam at a respectable 24.3% at the end … Continue reading Pen Test Poster: "White Board" - Bash - Useful IPv6 Pivot


Pen Test Poster: "White Board" - Bash - Encrypted Exfil Channel!

By Matthew Toussain, Geoff Pamerleau Introduction Sometimes, when looking through files for useful information after exploiting a box, you might run into a small file system or particularly interesting disk partition. Due to time constraints and the need for specialized analysis tools it might be helpful or even necessary to exfiltrate the entire partition. … Continue reading Pen Test Poster: "White Board" - Bash - Encrypted Exfil Channel!


Pen Test Poster: "White Board"- Python - Raw Shell Terminal

A long time ago, on networks in your community, we had "computer terminals" on our desks that talked to our computers. They may have looked like monitors with keyboard attached to them, but there was more to them than that. They had input buffers that processed what was typed on them. Function keys like the … Continue reading Pen Test Poster: "White Board"- Python - Raw Shell Terminal


Pen Test Poster: "White Board" - Python - Pythonic Web Client

Downloading files from the command line is routine tasks for most security professionals. For defenders, the Windows Schedule, SIM management interfaces, Web interfaces for appliances often allow you to schedule a single command for execution. The offensive folks who exploit a command injection vulnerability often need a simple way to download and execute code in … Continue reading Pen Test Poster: "White Board" - Python - Pythonic Web Client


Pen Test Poster: "White Board" - Python - Python Reverse Shell!

In SEC573: Automating Information Security with Python, we teach defenders to build tools that root out the signs of compromise in your sea of logs and network traffic. We teach forensicators to build tools to find that crucial piece of evidence with no other tools exist. We teach penetration testers how to build a few … Continue reading Pen Test Poster: "White Board" - Python - Python Reverse Shell!