SANS Penetration Testing: Author - eskoudis

Why You Need the Skills to Tinker with Publicly Released Exploit Code

By Chris Davis If you are a security enthusiast, like me, then you likely find yourself tinkering with exploit code for most of the major vulnerabilities that are released. This "tinkering" can be incredibly valuable to security researchers, blue teamers, and especially penetration testers. In fact, I frequently find myself modifying and testing public exploit … Continue reading Why You Need the Skills to Tinker with Publicly Released Exploit Code


Understanding and Exploiting Web-based LDAP

By Chris Davis Enterprisesfrequently contain Active Directory environments to manage domain objects like users, organizations, departments, computers, and printers. Combine this with anincrease in custom web applications and organizationsnaturally desire to integrate these two technologies together. This integration is an excellent way to create centralized authentication to their domain but also provides a method to … Continue reading Understanding and Exploiting Web-based LDAP


Massively Scaling your Scanning

By Jeff McJunkin Often when doing penetration tests, clients will ask me to scan their external network presence[1]. For smaller companies, I can often use nmap from start to finish for all my scanning needs. However, for the sake of larger network ranges let's separate out some of our scanning needs: Network sweeping: Determining which … Continue reading Massively Scaling your Scanning


Using Let's Encrypt in Google Compute Engine...

...Or How I Learned to Stop Worrying and Love the Cloud By Daniel Pendolino The Issue While working on last year's SANS Holiday Hack Challenge, we came to the point where the target systems were stable and the mad rush had ebbed. At this point, I started focusing on long-term stability (read: I want Holiday … Continue reading Using Let's Encrypt in Google Compute Engine...


Mining Android Secrets (Decoding Android App Resources)

By Jeff McJunkin As a pen tester and avid Android user, I'm keenly interested in the security of Android applications. Even without looking at the code, we can gain a tremendous understanding of what happens in the deep, dark corners of an application. All we need to do is dig away at the Android resources. … Continue reading Mining Android Secrets (Decoding Android App Resources)