SANS Penetration Testing

Pen Test Poster: "White Board" - Python - Pythonic Web Server

This is such a great little tip. I use this quite frequently during my day-to-day operations to transfer files back and forth between systems or to colleagues. This wonderful little command will start a web server and make the contents of the folder that the command is launched from available for download. I …


Pen Test Poster: "White Board" - Python - Python Debugger

I realize that this may not apply to many of the super awesome readers of the SANS blogs, but when mere mortals develop tools, the first few versions often have bugs in the code. Python has a very nice debugger that is part of the standard installation called PDB. PDB, aka The Python Debugger is …


Mining Android Secrets (Decoding Android App Resources)

By Jeff McJunkin

As a pen tester and avid Android user, I'm keenly interested in the security of Android applications. Even without looking at the code, we can gain a tremendous understanding of what happens in the deep, dark corners of an application. All we need to do is dig away at the Android resources. …


Getting MOAR Value out of PHP Local File Include Vulnerabilities

By Jeff McJunkin

Wouldn't web application penetration testing be easier if you could look at the source code? Well, when looking to expand my web app pentesting skills, my good friend and co-worker, Josh Wright, mentioned a specific new twist for Local File Include vulnerabilities on PHP-based web servers: PHP wrappers. PHP wrappers allow us to make …


Mount a Raspberry Pi File System Image

By Josh Wright

Yesterday, I started my yearly Epic Desk Cleanout. This annual ritual is more about holding up a trash can and sweeping everything into it. I really clean, which includes cataloging all the random SD cards I've collected throughout the year. For SD cards, I'll typically dd the contents of the drive to …