SANS Penetration Testing: Monthly Archives: Feb 2014

Building a Pen Test Lab - Hardware for Hacking at Home on the Cheap

[Editor's Note: Jeff McJunkin shares some insight into building a good virtualization infrastructure for practicing your pen test skills, evaluating tools, and just plain becoming a better penetration tester, all without breaking the bank. Nice! -Ed.] By Jeff McJunkin Practical, hands-on experience is a good thing, right? As good as it is though, it doesn't …


Security ADD - Offense, Defense, Or What?

[Editor's Note: In this post, the unparalleled Seth Misenar tackles the question of whether it's OK for a security professional to walk the line between offense and defense, or whether someone should take the plunge on one of these two sides. He lays bare his very soul as he debates the options before us all.] By Seth Misenar I …


Mission Impossible? Thwarting Cheating in an Advanced Pen Test Class CtF: The SANS SEC660 Experience

[Editor's Note: SANS course on advanced pen testing (SEC660) teaches a lot of great, in-depth topics, including exploit development, network manipulation (NAC bypass, Scapy packet crafting, man-in-the-middle attacks, and more), and Python for pen testers with tons of hands-on exercises. The whole class culminates in a full-day, intense capture the flag event, where the winners …


Pen-Test-A-Go-Go: Integrating Mobile and Network Attacks for In-Depth Pwnage

Josh Wright and I presented a webcast a few months back that is chock full of useful pen testing techniques from the mobile and network arenas. Based on the new SANS course, SEC561: Intense Hands-on Skill Development for Pen Testers, this webcast covers numerous useful techniques, such as: Exploiting and automating data harvesting from iOS …