SANS Penetration Testing: Monthly Archives: Oct 2011

Making Blind SQL Injection More Efficient - New Tool

[Editor's note: In this excellent article, Mark Baggett covers a technique he's implemented in a brand new tool for making blind SQL injection penetration testing and ethical hacking far more efficient using dynamic character frequency tables. The article describes his approach, covers a new tool he's created, and features a video demo. Awesome stuff for …
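The teaser above mentions dynamic character frequency tables as the trick that cuts down the number of requests a blind SQL injection needs. The Python below is an added illustration of that idea and is not Mark Baggett's tool or code. It models the one question a boolean blind-SQLi payload can ask ("is the character at position N equal to X?"), counts every oracle call as one HTTP request, and compares a fixed alphabetical guess order against a frequency-ordered one whose table is updated as characters are recovered. The secret string, the English letter-frequency seed order, the boost value and the restricted alphabet are assumptions made for the example; a real engagement would also have to recover the string length first (for example via LENGTH()) and would choose the alphabet from the target column's expected content.

```python
"""Simulated blind SQL injection: how the guess order changes the request count.

Added example, not the tool described on the page. The oracle stands in for a
boolean blind-SQLi payload such as
    ... AND SUBSTRING(col, pos, 1) = 'x'
and every call represents one HTTP request.
"""
import string
from collections import Counter

# Assumed alphabet for the target column (lowercase, digits, underscore).
ALPHABET = string.ascii_lowercase + string.digits + "_"
# Rough English letter-frequency order, most common first; used only to seed
# the table before any characters have been recovered.
ENGLISH_ORDER = "etaoinshrdlcumwfgypbvkjxqz"

# Constructed sample value standing in for a database column we cannot read.
SAMPLE_SECRET = "administrator_password"


def make_oracle(secret):
    """Return (oracle, counter): oracle(pos, ch) answers whether secret[pos] == ch
    and the counter tracks how many 'requests' were spent."""
    counter = Counter()

    def oracle(pos, ch):
        counter["queries"] += 1
        return pos < len(secret) and secret[pos] == ch

    return oracle, counter


def extract_fixed_order(oracle, length, alphabet=ALPHABET):
    """Baseline: try candidates in a fixed alphabetical order for every position."""
    out = []
    for pos in range(length):
        for ch in alphabet:
            if oracle(pos, ch):
                out.append(ch)
                break
        else:
            raise ValueError(f"no candidate in alphabet matched at position {pos}")
    return "".join(out)


def extract_frequency_order(oracle, length, alphabet=ALPHABET,
                            seed_order=ENGLISH_ORDER, boost=5):
    """Order candidates by a frequency table and update the table after every
    recovered character, so characters common in *this* data rise to the front.
    Ties are broken alphabetically to keep the guess order deterministic."""
    counts = Counter({ch: 0 for ch in alphabet})
    for rank, ch in enumerate(seed_order):
        counts[ch] = len(seed_order) - rank
    out = []
    for pos in range(length):
        ordered = sorted(alphabet, key=lambda c: (-counts[c], c))
        for ch in ordered:
            if oracle(pos, ch):
                out.append(ch)
                counts[ch] += boost  # the dynamic part: reward what we just saw
                break
        else:
            raise ValueError(f"no candidate in alphabet matched at position {pos}")
    return "".join(out)


def compare(secret=SAMPLE_SECRET):
    """Run both strategies against a fresh oracle; return {name: (recovered, queries)}."""
    results = {}
    strategies = (("fixed", extract_fixed_order),
                  ("frequency", extract_frequency_order))
    for name, extract in strategies:
        oracle, counter = make_oracle(secret)
        recovered = extract(oracle, len(secret))
        results[name] = (recovered, counter["queries"])
    return results


if __name__ == "__main__":
    for name, (recovered, queries) in compare().items():
        print(f"{name:>9}: {queries:4d} requests -> {recovered}")
```

Both strategies recover the same string; the difference is purely in how many requests it costs. The fixed order pays for the alphabet position of every character (the underscore alone costs 37 guesses here), while the frequency order front-loads likely characters and, because the table is updated as it goes, gets cheaper on repeated characters such as the second and third "s" and "a".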


Mobile Application Assessments Part 2: A Look at Windows Mobile

[Editor's note: This is the second article in a series of tips, tools, and techniques for analyzing mobile applications and their associated infrastructures. It builds on the previous article, which focused on an overall approach, and now turns to tools and common findings for vulnerable Windows mobile client applications. -Ed.] By Erik Van Buggenhout, Koen …


An Intense Look at the Mobile Computing Threat

By Josh Wright [Editor's Note: On this blog, we often post articles. But other times, we post presentations because, for a lot of us, the best way to convey a lot of relevant information is to use slide format. Also, for many readers, an intense set of slides can really hammer home some points in …


The Bluetooth Dilemma

[Editor's Note: Did you see the security bulletin from Visa about the new credit card skimming attacks that rely on Bluetooth? Josh Wright did. In this excellent article, Josh analyzes Visa's recommendations that organizations begin scanning for unidentified Bluetooth signals and pairings in retail environments. If you, as a penetration tester, ethical hacker, or incident …


Foreword from Coding For Penetration Testers

[Editor's Note: I had the honor of writing the Foreword to the fantastic new book Coding for Penetration Testers: Building Better Tools by Jason Andress and Ryan Linn, published this month. Think of this Foreword as part book review and part adventure through a mind over-influenced by ethical hacking, penetration testing, and movies. There are …


Tips for Fat Client, Web App, and Mobile Pen Testing Serialized Object Communication Using the Burp Suite

[A couple of weeks ago on the GPWN mailing list, open to alums of SANS Pen Test courses, there was a discussion about attacking fat client, web, and mobile applications that use Java Serialized Objects to communicate with a back-end server. Miika Turkia posted a response to some questions there about an approach to altering the …


Breach-Zilla: Lessons Learned from Large-Scale Breaches - Slides

[As promised, here are the slides from the presentation I did on Friday in New York City regarding large-scale breaches and lessons learned. I hope you find them useful. The description of the talk follows. The slides have more details. By the way, if you are interested in this kind of thing, specifically the in-depth …


Special Request: Wireless Client Sniffing with Scapy

[Editor comment: Dude! A Scapy article by Josh Wright that can help us stay in scope and follow rules of engagement in a pen test? What's not to like? -Ed.] By Joshua Wright I participate on the Scapy mailing list, helping out with questions where I am able. Recently, I saw a question that …


Mobile Application Assessments - Attack Vectors and Arsenal Inventory

[Editor comment: This is the first post of an in-depth series by three skilled pen testers and great authors, focused on assessing mobile applications and their associated infrastructure. The series will unfold over the next month or two. We start, naturally enough, with the overall methodology, a description of attack vectors, and an inventory of …


Tips for Evading Anti-Virus During Pen Testing

By Mark Baggett, the SANS Institute You know the old saying: "Give a man a backdoor undetected by antivirus and he pwns for a day. Teach a man to make backdoors undetected by antivirus and you will get free drinks for life at DEF CON." During the exploitation phase of a pen test or ethical …