SANS Penetration Testing: Category - Post Exploitation

SANS Penetration Testing:

NoSQL? No Problem! Pillaging MongoDB for Fun and Profit

By Josh Wright Database technology continues to evolve to meet different application needs. One example of this is the adoption of NoSQL databases used by many different modern web applications. NoSQL databases depart from the traditional table-based storage mechanisms widely known and loved (mildly appreciated?), and instead store simple key-value data pairs, JSON documents, graph … Continue reading NoSQL? No Problem! Pillaging MongoDB for Fun and Profit

Post Exploitation Redux Webcast Slides

Last Thursday, John Strand and I delivered a new webcast on post exploitation, covering all kinds of tips and tricks. I focussed on some of the cool stuff you can do with the Windows netsh command, including setting up port pivots, sniffing, and gaining remote access to a target's network configuration. John Strand discussed a … Continue reading Post Exploitation Redux Webcast Slides

Awkward Binary File Transfers with Cut and Paste

[Editor's note: Josh Wright spins up another useful blog article about different ways to move files to and from Linux systems. Lots of nice little tricks in this one. Thanks, Josh! -Ed.] By Josh Wright Sometimes I find myself with access to a remote Linux or Unix box, with limited opportunity to transfer files to … Continue reading Awkward Binary File Transfers with Cut and Paste

Using Built-Ins to Explore a REALLY Restricted Shell

By Ed Skoudis and Josh Wright Josh Wright and I were working on a project recently which involved a target machine with a really restricted shell environment. I'm not talking about a mere rbash with some limits on the executables we could access, but instead a shell so restricted we could not run any binaries … Continue reading Using Built-Ins to Explore a REALLY Restricted Shell

Announcing the Awesome New SANS Brochure Challenge

Here's some fun news. SANS just released a new kind of challenge - one that unfolds from the pages of a SANS brochure itself. Created by Jeff McJunkin and a group of challenge-writing collaborators, we launched it this week with the mailing of the SANS Network Security brochure for the upcoming conference in Las Vegas … Continue reading Announcing the Awesome New SANS Brochure Challenge