SANS Penetration Testing: Daily Archives: Oct 13, 2011

Special Request: Wireless Client Sniffing with Scapy

[Editor comment: Dude! A Scapy article by Josh Wright that can help us stay in scope and follow rules of engagement in a pen test? What's not to like? -Ed.] By Joshua Wright, InGuardians I participate on the Scapy mailing list, helping out with questions where I am able. Recently, I saw a question … Continue reading Special Request: Wireless Client Sniffing with Scapy


Mobile Application Assessments - Attack Vectors and Arsenal Inventory

[Editor comment: This is the first post of an in-depth series by three skilled pen testers and great authors, focused on assessing mobile application and their associated infrastructure. The series will unfold over the next month or two. We start, naturally enough, with the overall methodology, a description of attack vectors, and an inventory of … Continue reading Mobile Application Assessments - Attack Vectors and Arsenal Inventory


Tips for Evading Anti-Virus During Pen Testing

By Mark Baggett, the SANS Institute You know the old saying'' "Give a man a backdoor undetected by antivirus and he pwns for a day. Teach a man to make backdoors undetected by antivirus and you will get free drinks for life at DEF CON." During the exploitation phase of a pen test or ethical … Continue reading Tips for Evading Anti-Virus During Pen Testing