SANS Penetration Testing: Monthly Archives: Feb 2017

Opening a Can of Active Defense and Cyber Deception to Confuse and Frustrate Attackers

As Cybersecurity/Infosec Professionals we know that all you have to do is wait 30 seconds and someone else has been breached and two new vulnerabilities have been discovered (hypothetically of course). There are few jobs on Earth that see the constantly evolving challenges that we get the privilege to deal with. This constant state …


Pen Test Poster: "White Board" - Bash - Make Output Easier to Read

By Matthew Toussain, Geoff Pamerleau. Data! DATA!! DATA!!! So much data: an endlessly grueling component of every information security practitioner's job description is data analysis. Often, digging through an environment for vulnerabilities or configuration flaws involves scrounging through reams of log data. It is not uncommon to find your eyes glazing over while staring at …


Pen Test Poster: "White Board" - Bash - Check Service Every Second

By Matthew Toussain & Geoff Pamerleau. If you've had the opportunity to take SANS 560, Network Penetration Testing and Ethical Hacking, chances are you were exposed to the Pentester's Pledge. The pledge, for those who aren't familiar, is: "I , do hereby pledge to use psexec to exploit Windows target machines after I have …


SANS Pen Test Cheat Sheet: Metasploit

For the longest time we haven't had a proper blog post for our Metasploit Cheat Sheet. This is one of our most popular cheat sheets. It was created by Ed Skoudis and his team. When we attend BSides and conferences like DerbyCon and ShmooCon we bring a ton of printed copies with us and give …


SANS Penetration Testing: Command Line Kung-Fu - Desktop Wallpapers

SANS Pen Test: Command Line Kung-Fu Desktop Wallpapers. So... we made our new SANS Pen Test Poster: "White Board of Awesome Command Line Kung-Fu" and posted it on Twitter for some initial feedback and someone asked us if we could turn it into a desktop wallpaper and we thought, "that's a really cool idea!" But, we …


Pen Test Poster: "White Board" - Bash - What's My Public IP Address?

By Matthew Toussain, Geoff Pamerleau. Introduction: After hours of digging, you finally reach your goal and exclaim, "I GOT SHELL!" You brush the dirt off your shoulders and suddenly wonder, "Now what?" Fortunately, if it's a Unix system, we can leverage the rich functionality that comes with Bash in order to move our pentest …


Pen Test Poster: "White Board" - Bash - Bash's Built-In Netcat Client

By Matthew Toussain, Geoff Pamerleau. Introduction: Sifting through client external and internal websites is a vital step in any pentest. A tester can uncover all sorts of juicy information such as the identities of important individuals, email addresses, corporate jargon, trusted relationships, and more just hanging out there in the open. But sometimes you really …


Pen Test Poster: "White Board" - Bash - Useful IPv6 Pivot

By Matthew Toussain, Grant Curell. Introduction: As a guy coming from network engineering, it is really exciting to see IPv6 adoption finally starting to pick up. According to Akamai, Belgium is leading the charge at a whopping 50.3% adoption rate, but the US is picking up steam at a respectable 24.3% at the …


Pen Test Poster: "White Board" - Bash - Encrypted Exfil Channel!

By Matthew Toussain, Geoff Pamerleau. Introduction: Sometimes, when looking through files for useful information after exploiting a box, you might run into a small file system or particularly interesting disk partition. Due to time constraints and the need for specialized analysis tools it might be helpful or even necessary to exfiltrate the entire partition. …


Pen Test Poster: "White Board" - Python - Raw Shell Terminal

A long time ago, on networks in your community, we had "computer terminals" on our desks that talked to our computers. They may have looked like monitors with keyboards attached to them, but there was more to them than that. They had input buffers that processed what was typed on them. Function keys like the …