SANS Penetration Testing: Monthly Archives: Jun 2012

Invasion of the Mobile Phone Snatchers - Part 1

[Editor's Note: Last Friday, Josh Wright did an awesome webcast on how penetration testers can extract sensitive information from mobile devices during an ethical hacking project, simulating what could happen if a bad guy snags a device and uses it to gather info to attack an organization. Josh provides some commentary as well as his …


Escaping Restricted Linux Shells

[Editor's Note: On the GPWN mailing list for SANS Pen Test Course Alumni a few months ago, we had a nice, lively discussion about techniques penetration testers and ethical hackers could use to escape a restricted shell environment. A lot of nifty techniques were offered in what amounted to an interactive brainstorming session on the …


Tips for Pen Testers on Exploiting the PHP Remote Execution Vulnerability

[Editor's Note: A couple of weeks ago, there was some hubbub about a vulnerability in PHP that allowed for remote system compromise, as described in CVE-2012-1823. Bad guys are exploiting this in the wild now, as reported by the Internet Storm Center here. Jose Selvi wrote a brief article summarizing the type of issue we're …