SANS Penetration Testing

Modern Web Application Penetration Testing Part 1, XSS and XSRF Together

By: Adrien de Beaupre

I enjoy performing penetration tests, and I also enjoy teaching how to do penetration testing correctly. I will be teaching SANS SEC642: Advanced Web App Penetration Testing, Ethical Hacking, and Exploitation Techniques at many events this year. This is one of the many techniques that I will be exploring in this …


Opening a Can of Active Defense and Cyber Deception to Confuse and Frustrate Attackers

As Cybersecurity/Infosec Professionals we know that all you have to do is wait 30 seconds and someone else has been breached and two new vulnerabilities have been discovered (hypothetically of course). There are few jobs on Earth that see the constantly evolving challenges that we get the privilege to deal with. This constant state of …


Pen Test Poster: "White Board" - Bash - Make Output Easier to Read

By Matthew Toussain, Geoff Pamerleau

Data! DATA!! DATA!!! So much data... an endlessly grueling component of every information security practitioner's job description is data analysis. Often, digging through an environment for vulnerabilities or configuration flaws involves scrounging through reams of log data. It is not uncommon to find your eyes glazing over while staring at …


Pen Test Poster: "White Board" - Bash - Check Service Every Second

By Matthew Toussain & Geoff Pamerleau

If you've had the opportunity to take SANS 560, Network Penetration Testing and Ethical Hacking, chances are you were exposed to the Pentester's Pledge. The pledge, for those who aren't familiar, is: "I , do hereby pledge to use psexec to exploit Windows target machines after I have gained …


SANS Pen Test Cheat Sheet: Metasploit

For the longest time we haven't had a proper blog post for our Metasploit Cheat Sheet. This is one of our most popular cheat sheets. It was created by Ed Skoudis and his team. When we attend BSides and conferences like DerbyCon and ShmooCon we bring a ton of printed copies with us and give …