Blog: SANS Penetration Testing

My Juiced Up WiFi Pineapple Configurator Script

By Chris Crowley

I recently acquired a WiFi Pineapple Mark V to replace my Mark IV, and I've got a config script to help folks simplify the config and use of this amazing product.

For those of you unfamiliar with the WiFi Pineapple, it is a wireless attack platform in a box, excellent for penetration testers. It collects a variety of tools into a pen-test-specific device, a convenient single portable appliance for all kinds of wonderful WiFi hacks. The ability to impersonate a specific access point (AP) is present, as well as abusing client preferred network lists using Karma. You can do funny things like rick rolling, or nasty delivery of a Meterpreter with every page that the user browses to. There are configurable options to exclude specific devices from testing (a black list), or provide a list of devices that are within scope (a white list, which is a much safer way to ensure you don't end up attacking a bunch of nearby

...

Data, Data, Everywhere What to do with Volumes of Nessus Output

[Editor's note: Here's a really nice article by Kevin Fiscus on a tool that'll help you analyze and manage a great deal of Nessus vulnerability scanner output. This is really helpful, cool stuff! Thanks, Kevin. --Ed.]

By Kevin Fiscus

Doing really good, high-value penetration testing is hard. You have to start with a solid, repeatable methodology on which you build a process implemented via tools and techniques. It is a technical endeavor that is, more often than not, remarkably creative. But, to do it well, you need to understand hacker techniques, cyber defense, protocols, packets, and even people. Sometimes, however, basic logistics get in the way. The problem, in many cases, is that the tools are simply too good, or rather, they give too much information but lack a particularly effective way for a penetration tester to use that information. Case in point: Nessus.

Nessus is a fantastic vulnerability scanner. It has the capability to perform both

...

Dealing with the Many Stages of Pen Test Result Grief Part 1

By Ed Skoudis

If you've done penetration testing for any length of time, I'm sure you've encountered it. You perform a beautiful penetration test — technically rigorous, focused on real business risk, all wrapped up with a solid report. You don't wanna brag, but you feel pretty darned proud of completing a job well done.

And then... it happens. Target system personnel, the very people you've labored to help secure, blindside you with a barrage of criticisms of your findings in your draft report. Some penetration testers are shocked as target system personnel, both business decision makers and the technical people responsible for acting on the pen test findings, reject your results. It's almost as though they willfully don't understand your findings and the associated business risk. Your findings make perfect sense to you, yet they just don't get it despite your efforts to explain things as best you can. And, you still have to turn your draft report into a final

...

Winner and Official Answer to Easter Challenge

[Hello, Challenge fans! Last Friday, we posted a nifty holiday-themed crypto & stego challenge by Chris Andre Dale. We offer a special thanks to Chris for creating the challenge and for letting us host it. A whole bunch of people managed to work their way through the challenge and solve it. But, there were two answers that were particularly noteworthy, and will receive two T-shirts each: a NetWars T-Shirt plus our SANS Pen Test Curriculum T-shirt.

Our first-place winner, who had the entire correct answer in the shortest time, was Matt Giannetto! He provided some great code to decipher the message and save the bunny, winning the two T-shirts. Additionally, we'll provide a bonus prize (of the two T-shirts) for one of the

...

Easter Challenge - The Mystery of the Missing Easter Bunny

By Chris Andre Dale

The Easter Bunny has been kidnapped, and YOU have to save him! Quickly collect yourself and help save him. Put on your detective hat and start investigating the clues provided.

We managed to intercept a message from the kidnappers. Unfortunately, it seems to be scrambled in some way. We also managed to intercept a ciphered message from one of the criminals, the cipher text below. The cipher text was once considered unbreakable; however, newer techniques of cryptanalysis have proven how to beat it. Listen to the intercepted message from the kidnappers, or attack the cipher message. Your choice.

The intercepted message can be played back here:

...