SANS Penetration Testing: Monthly Archives: Jul 2014

SANS Pen Test Hackfest Twitter Contest

We're delighted to announce a new Twitter-based contest here with a fantastic prize. And, participating in this one is really easy. Check it out. On November 13 through 20, SANS will be running our second annual Pen Test Hackfest training eventin Washington DC. We throw everything we've got into this extra special event, including: Two … Continue reading SANS Pen Test Hackfest Twitter Contest


Announcing the Awesome New SANS Brochure Challenge

Here's some fun news. SANS just released a new kind of challenge - one that unfolds from the pages of a SANS brochure itself. Created by Jeff McJunkin and a group of challenge-writing collaborators, we launched it this week with the mailing of the SANS Network Security brochure for the upcoming conference in Las Vegas … Continue reading Announcing the Awesome New SANS Brochure Challenge


Dealing with the Many Stages of Pen Test Result Grief - Part 2

By Ed Skoudis In this series of articles, we're looking at some of the grief that penetration testers often encounter when they deliver their results and recommendations. Our premise? You, a great pen tester, work your tail off to conduct a wonderful, high-value, technically awesome pen test. The result? Target system personnel vomit all over … Continue reading Dealing with the Many Stages of Pen Test Result Grief - Part 2


Sneaky Stealthy SU in (Web) Shells

[In this article, the inimitable Tim Medin has some fun with PHP web shells, and merges together some clever ideas for interacting with them in a rather stealthier fashion using some Python kung fu! -Ed.] By: Tim Medin Here is the scenario: you have a server that allows you to upload an avatar. The site … Continue reading Sneaky Stealthy SU in (Web) Shells