SANS Penetration Testing: Monthly Archives: Apr 2014

Data, Data, Everywhere - What to do with Volumes of Nessus Output

[Editor's note: Here's a really nice article by Kevin Fiscus on a tool that'll help you analyze and manage a great deal of Nessus vulnerability scanner output. This is really helpful, cool stuff! Thanks, Kevin. -Ed.]
By Kevin Fiscus
Doing really good, high-value penetration testing is hard. You have to start with a solid, repeatable …


Dealing with the Many Stages of Pen Test Result Grief - Part 1

By Ed Skoudis
If you've done penetration testing for any length of time, I'm sure you've encountered it. You perform a beautiful penetration test - technically rigorous, focused on real business risk, all wrapped up with a solid report. You don't wanna brag, but you feel pretty darned proud of completing a job well done. …


Winner and Official Answer to Easter Challenge

[Hello, Challenge fans! Last Friday, we posted a nifty holiday-themed crypto & stego challenge by Chris Andre Dale. We offer a special thanks to Chris for creating the challenge and for letting us host it. A whole bunch of people managed to work their way through the challenge and solve it. But, there were two …


Easter Challenge - The Mystery of the Missing Easter Bunny

By Chris Andre Dale
The Easter Bunny has been kidnapped, and YOU have to save him! Quickly collect yourself and help save him. Put on your detective hat and start investigating the clues provided. We managed to intercept a message from the kidnappers. Unfortunately it seems to be scrambled in some way. We also managed …


SANS Python Pen Testers | Exploit Heartbleed Vulnerabilities | SEC573

Pen Testers use Python to assess HeartBleed vulnerabilities.
By Mark Baggett
Unless you've been living in a cave without access to the outside world, you already know that OpenSSL 1.0.1 suffers from a serious vulnerability that allows a remote attacker to extract data from the memory of a target computer. The vulnerability was first made …