SANS Penetration Testing: Monthly Archives: Dec 2013

What I Got for Christmas: Polymorphic Blog Spam Comment Vomited on My Site

by Ed Skoudis Hope you had a great holiday! I got an unexpected nice gift for the holidays on one of my blogs. Below, you'll see a comment that was submitted to the SANS Pen Test Blog, which I run. As you can see, it is one of those lame pseudo-comments sent in as link-bait … Continue reading What I Got for Christmas: Polymorphic Blog Spam Comment Vomited on My Site


Pen Test Tips, Tricks, and Tools - Pulling it All Together

[Editor's Note: Here is our final installment of tips from the SANS Pen Test Poster, this time focussed on Pulling It All Together in your pen tests. If youare interested in this type of information, you should know that I'm going to be teaching my SANS SEC 560 course on network penetration testing & ethical … Continue reading Pen Test Tips, Tricks, and Tools - Pulling it All Together


Web App Tips, Tricks and Resources

[Editor's Note: Here is the fifth in our series of penetrating testing tips drawn from the UltimateSANS Pen Test Poster. This time, our focus is on specific recommendations from Kevin Johnson about web app pen test tips, tools, resources, and other recommendations. Really helpful stuff. Thanks, Kevin! For earlier posts in this series, feel free … Continue reading Web App Tips, Tricks and Resources


Removing the Android Device Lock from any Mobile App

[Editor's note: In this blog post, Raul Siles goes in-depth exploring how to attack a vulnerability in the way Android device lock works. Although a patch was released last week for this flaw, the slow (or nonexistent) update cycle for many users means this attack mechanism will be valid for quite some time to come. … Continue reading Removing the Android Device Lock from any Mobile App


Wireless Tips, Tricks and Resources

[Editor's Note: We're continuing our series on useful tips and tricks for different kinds of pen testing, based on the SANS Pen Test Poster. In this installment, Mr. Larry "Hax0r the Matrix" Pesce covers some great tips, ideas, and resources for wireless penetration tests. Great stuff! Earlier in this series, we covered: John Strand's tips … Continue reading Wireless Tips, Tricks and Resources


Mobile Device Tips, Tricks and Resources

By Josh Wright [In this third installation of tips originally included in the Ultimate SANS Pen Test Poster, we'll turn to Josh Wright's tips for mobile device penetration testing. Josh shares some really useful insights here, as well as recommendations for tools (software and hardware) and resources for keeping current. Nice stuff! Click these links … Continue reading Mobile Device Tips, Tricks and Resources