SANS Penetration Testing

Massively Scaling your Scanning

By Jeff McJunkin

Often when doing penetration tests, clients will ask me to scan their external network presence[1]. For smaller companies, I can often use nmap from start to finish for all my scanning needs. However, for the sake of larger network ranges let's separate out some of our scanning needs: Network sweeping: Determining which …


SCAPY Full Duplex Stream Reassembly

I recently had someone ask me how you can have scapy reassemble full duplex packets for you. That is what Wireshark does when you ask it to "Follow TCP Stream". In SANS SEC573: Automating Information Security with Python we discuss how to use scapy's native session reassembly capabilities, but its default behavior is to …


SQLMAP Tamper Scripts for The Win

During a recent penetration test BURP Suite identified some blind SQL Injection vulnerabilities in a target website. Pointing SQLMAP at the website showed us no love and simply said it was unable to exploit the website. I had mentioned the SQLi issues to the customer and he said that previous penetration testers said they …


How to Guide: Cracking into Piles of Files

By: Matt Edmondson

(Editor's Note: this blog was originally submitted for posting on March 25th, but wasn't posted until October 4th. We hope you enjoy this content and that Matt Edmondson continues to give freely of his knowledge to the blog.)

Password cracking is one of my favorite parts of information security. Many of us …


Modern Web Application Penetration Testing Part 2, Hash Length Extension Attacks

By: Adrien de Beaupre

I will be teaching SANS SEC642: Advanced Web App Penetration Testing, Ethical Hacking, and Exploitation Techniques at many events this year, I am also the co-author for the course. AKA the most advanced web app pentest course on the planet, probably the galaxy! This is one of the many techniques that I will …