SANS Penetration Testing: Author - eskoudis

Ghost in the Droid: Reverse Engineering Android Apps

By Joshua Wright For the past few years I've been invited to speak at the SANS HackFest conference. This is a great opportunity for me to present new research and useful pen testing techniques to a hungry audience. It's also a highly competitive event among speakers. Each year my stuff needs to be bigger and … Continue reading Ghost in the Droid: Reverse Engineering Android Apps


Azure 0day Cross-Site Scripting with Sandbox Escape

[Editor's Note: Chris Dale is an amazing gentleman. He finds Cross-Site Scripting (XSS) flaws in the most interesting and wonderful places. In this article, Chrisshares some insights into his methods and how he applied them in finding a zero-day XSS flaw associated with Microsoft Asure. Good reading! -Ed.] By Chris Dale Earlier in 2016, I … Continue reading Azure 0day Cross-Site Scripting with Sandbox Escape


SANS Pen Test Cheat Sheet: PowerShell

by Ed Skoudis PowerShell really is amazing, and comes in handy for all kinds of infosec tasks, from defense to analysis to offense. In my SANS Security 560 course, we cover PowerShell as a post-exploitation language, with all kinds of nifty tips and tricks for using it. When I teach the class, though, I notice … Continue reading SANS Pen Test Cheat Sheet: PowerShell


SANS Pen Test Cheat Sheet: Scapy

One of my favorite tools for fine-grained interactions with target systems during penetration testing is the mightyScapy. While other tools are indispensable for scanning large numbers of machines, Scapy is like a fine-grained scalpel for manipulating a single target in a myriad of cool ways. With all kinds of features, Scapy just rocks. In … Continue reading SANS Pen Test Cheat Sheet: Scapy


Mobile Device Security Checklist

By Lee Neely & Joshua Wright We often get asked for things we can do to help users keep their mobile devices secure. Here's a quick list of some simple things you can do to ensure that your mobile devices are running with at leastsomesecurity. All of these steps are free and raise the bar … Continue reading Mobile Device Security Checklist