SANS Penetration Testing: Category - Methodology

Got Meterpreter? PivotPowPY!

by Cliff Janzen My how time flies. It seems like only yesterday I wrote the post Got Meterpreter? Pivot! (/blog/2012/04/26/got-meterpreter-pivot), but it has been four and a half years. In our industry, the only thing constant is change and Mr. Ed Skoudis gave me the opportunity to revisit this topic to see what has changed. … Continue reading Got Meterpreter? PivotPowPY!


Modern Web Application Penetration Testing Part 1, XSS and XSRF Together

By: Adrien de Beaupre I enjoy performing penetration tests, I also enjoy teaching how to do penetration testing correctly. I will be teaching SANS SEC642: Advanced Web App Penetration Testing, Ethical Hacking, and Exploitation Techniques at many events this year. This is one of the many techniques that I will be exploring in this … Continue reading Modern Web Application Penetration Testing Part 1, XSS and XSRF Together


Opening a Can of Active Defense and Cyber Deception to Confuse and Frustrate Attackers

As Cybersecurity/Infosec Professionals we know that all you have to do is wait 30 seconds and someone else has been breached and two new vulnerabilities have been discovered (hypothetically of course). There are few jobs on Earth that see the constantly evolving challenges that we get the privilege to deal with. This constant state of … Continue reading Opening a Can of Active Defense and Cyber Deception to Confuse and Frustrate Attackers


Using the SSH "Konami Code" (SSH Control Sequences)

By Jeff McJunkin Are you familiar with the Konami code? The one popularized by the Contra video game? Pictured above: Tangentially related to SSH If not, let me fill you in. This code is a sequence of control actions for some video games that'll let you jump forward in the game (some call it a … Continue reading Using the SSH "Konami Code" (SSH Control Sequences)


Post Exploitation Redux Webcast Slides

Last Thursday, John Strand and I delivered a new webcast on post exploitation, covering all kinds of tips and tricks. I focussed on some of the cool stuff you can do with the Windows netsh command, including setting up port pivots, sniffing, and gaining remote access to a target's network configuration. John Strand discussed a … Continue reading Post Exploitation Redux Webcast Slides