SANS Penetration Testing: Monthly Archives: Aug 2017

Pen Test Poster: "White Board" - Bash - Website Cloner

By Matthew Toussain, Geoff Pamerleau According to Verizon's 2016 Data Breach Investigations Report 30 percent of phishing messages get opened by targeted users and 12 percent of those users click on the malicious attachment or link. That means, on average, every 4 phished users should (statistically) yield one click. Developing a highly targeted message … Continue reading Pen Test Poster: "White Board" - Bash - Website Cloner


Pen Test Poster: "White Board" - PowerShell - Find Juicy Stuff in File System

By Matthew Toussain Get-ChildItem may be the most horrific way to express the concept of listing the contents of a directory, but fortunately PowerShell has aliases: gci, dir, and ls! That's right PowerShell has solved the antediluvian ls/dir wars by aliasing both to a magical, if nonsensical, yet grammatically complete, sentence. Because PowerShell cmdlets … Continue reading Pen Test Poster: "White Board" - PowerShell - Find Juicy Stuff in File System