SANS Penetration Testing: Category - Methodology

SANS Pen Test Poster: Pivots Payloads Boardgame

We are excited to introduce to you the new SANS Penetration Testing Educational Poster, "Pivots & Payloads Board Game"! It is a poster and a board game. How is it a board game? You can lay it down on a table, cut out the game pieces and game modifiers, use a die to move …


So You Wanna Be a Pen Tester? 3 Paths To Consider (Updated)

Tips for Entering the Penetration Testing Field

By Ed Skoudis

It's an exciting time to be a professional penetration tester. As malicious computer attackers amp up the number and magnitude of their breaches, the information security industry needs an enormous amount of help in proactively finding and resolving vulnerabilities. Penetration testers who are able to …


Why You Need the Skills to Tinker with Publicly Released Exploit Code

By Chris Davis

If you are a security enthusiast, like me, then you likely find yourself tinkering with exploit code for most of the major vulnerabilities that are released. This "tinkering" can be incredibly valuable to security researchers, blue teamers, and especially penetration testers. In fact, I frequently find myself modifying and testing public exploit …


Got Meterpreter? PivotPowPY!

By Cliff Janzen

My, how time flies. It seems like only yesterday I wrote the post Got Meterpreter? Pivot! (/blog/2012/04/26/got-meterpreter-pivot), but it has been four and a half years. In our industry, the only thing constant is change, and Mr. Ed Skoudis gave me the opportunity to revisit this topic to see what has …


Modern Web Application Penetration Testing Part 1, XSS and XSRF Together

By Adrien de Beaupre

I enjoy performing penetration tests; I also enjoy teaching how to do penetration testing correctly. I will be teaching SANS SEC642: Advanced Web App Penetration Testing, Ethical Hacking, and Exploitation Techniques at many events this year. This is one of the many techniques that I will be exploring in …