SANS Penetration Testing: Category - Metasploit

Invasion of the Network Snatchers: Part I

[Editor's Note: In this article, Tim Medin discusses methods for penetration testing network infrastructure components, specifically through the Simple Network Management Protocol (SNMP). Tim's tips below include a nice overview of SNMP, techniques for formulating highly useful lists of potential authentication credentials for SNMP, a description of how to use an Nmap NSE script for … Continue reading Invasion of the Network Snatchers: Part I


SMB Relay Demystified and NTLMv2 Pwnage with Python

By Mark Baggett [Editor's Note: In this _excellent_ article, Mark Baggett explains in detail how the very powerful SMBRelay attack works and offers tips for how penetration testers can operationalize around it. And, bet yet, about 2/3rds of the way in, Mark shows how you can use a Python module to perform these attacks in … Continue reading SMB Relay Demystified and NTLMv2 Pwnage with Python


A Penetration Tester's Pledge

by Ed Skoudis Over the weekend, I was thinking about the wonderful psexec capabilities of tools like Metasploit, the Nmap Scripting engine smb-psexec script, and the psexec tool itself from Microsoft Sysinternals. It's my go-to exploit on Windows targets, once I have gained SMB access and admin credentials (username and password, or username and hash … Continue reading A Penetration Tester's Pledge


Tips for Evading Anti-Virus During Pen Testing

By Mark Baggett, the SANS Institute You know the old saying'' "Give a man a backdoor undetected by antivirus and he pwns for a day. Teach a man to make backdoors undetected by antivirus and you will get free drinks for life at DEF CON." During the exploitation phase of a pen test or ethical … Continue reading Tips for Evading Anti-Virus During Pen Testing