SANS Penetration Testing: Author - jblanchard

SANS Poster - White Board of Awesome Command Line Kung Fu (PDF Download)

by: SANS Pen Test Team Imagine you are sitting at your desk and come across a great command line tip that will assist you in your careeras an information security professional, so you jot the tip down on a note, post-it, or scrap sheet of paper and tape it to your white board... now … Continue reading SANS Poster - White Board of Awesome Command Line Kung Fu (PDF Download)


So You Wanna Be a Pen Tester? 3 Paths To Consider (Updated)

Tips for Entering the Penetration Testing Field By Ed Skoudis It's an exciting time to be a professional penetration tester. As malicious computer attackers amp up the number and magnitude of their breaches, the information security industry needs an enormous amount of help in proactively finding and resolving vulnerabilities. Penetration testers who are able to … Continue reading So You Wanna Be a Pen Tester? 3 Paths To Consider (Updated)


SANS Poster: Building a Better Pen Tester - PDF Download

Blog Post by: Jason Blanchard It's here! It's here! The NEW SANS Penetration Testing Curriculum Poster has arrived (in PDF format)! This blog post is for the downloadable PDF version of the new "Blueprint: Building a Better Pen Tester" Poster created by the SANS Pen Test Curriculum. The front of theposter is full … Continue reading SANS Poster: Building a Better Pen Tester - PDF Download


SCAPY Full Duplex Stream Reassembly

I recently had someone ask me how you can have scapy reassemble full duplex packets for you. That is what Wireshark does when you ask it to "Follow TCP Stream". In SANS SEC573: Automating Information Security with Python we discuss how to use scapy's native session reassembly capabilities, but its default behavior is to … Continue reading SCAPY Full Duplex Stream Reassembly


SQLMAP Tamper Scripts for The Win

During a recent penetration test BURP Suite identified some blind SQL Injection vulnerabilities in a target website. Pointing SQLMAP at the website showed us no love and simply said it was unable to exploit the website. I had mentioned the SQLi issues to the customer and he said that previous penetration testers said they … Continue reading SQLMAP Tamper Scripts for The Win