SANS Penetration Testing: Author - eskoudis

Modifying Android Apps: A SEC575 Hands-on Exercise, Part 1

By Joshua Wright Introduction As a security professional, I'm called on to evaluate the security of Android applications on a regular basis. This evaluation process usually takes on one of two forms: Evaluate app security from an end-user perspective Evaluate app security from a publisher perspective While there is a lot of overlap between the … Continue reading Modifying Android Apps: A SEC575 Hands-on Exercise, Part 1


Traffic Lights and Modbus/TCP - A SEC562 CyberCity Hacking Adventure

By Joshua Wright When the Counter Hack team started building the SEC562: CyberCity Hands-on Kinetic Cyber Range class, I knew I wanted to develop a mission that involved the Industrial Control protocol Modbus/TCP and traffic lights. Because CyberCity is 1:87 scale, I needed to build my own traffic light controller using Modbus/TCP with model-sized traffic … Continue reading Traffic Lights and Modbus/TCP - A SEC562 CyberCity Hacking Adventure


SANS Orlando 2015 Brochure Challenge Answers and Winner

By Mark Baggett Hello Security Pros! Many of you have noticed that SANS has included a challenge in this year's brochure for the Orlando conference. We had 79 people submit correct answers to the puzzle. From those names, we chose one name as the grand prize winner and that grand prize winner will receive four … Continue reading SANS Orlando 2015 Brochure Challenge Answers and Winner


SANS 2015 Shmoo Challenge Winners and Official Answer

by Jeff McJunkin Greetings! Those of you who attended ShmooCon this year may have noticed a challenge from SANS included in your Shmoo bags. If you didn't attend and you want to walk through the challenge yourself for some fun, I'd recommend you look at the challenge description and avoid reading the official write-up at … Continue reading SANS 2015 Shmoo Challenge Winners and Official Answer


Post Exploitation Redux Webcast Slides

Last Thursday, John Strand and I delivered a new webcast on post exploitation, covering all kinds of tips and tricks. I focussed on some of the cool stuff you can do with the Windows netsh command, including setting up port pivots, sniffing, and gaining remote access to a target's network configuration. John Strand discussed a … Continue reading Post Exploitation Redux Webcast Slides