SANS Penetration Testing: Category - Passwords

SANS Pen Test Poster: Pivots Payloads Boardgame

Looks like you found this page before we had a chance to finish it. But...here is the PDF download for the new Pivots & Payloads poster/board game! We are still working on this page, so, if you come back once we are finished, you'll find a lot more useful things to help you in … Continue reading SANS Pen Test Poster: Pivots Payloads Boardgame


What's the Deal with Mobile Device Passcodes and Biometrics? (Part 2 of 2)

By Lee Neely In the first installment of this 2-parter, I discussed the use of mobile device fingerprint scanners to unlock the device. As a follow-up, I'd like to discuss how a developer can integrate the scanner into their applications. This discussion may provide some insights into how to secure mobile apps, or even inspire … Continue reading What's the Deal with Mobile Device Passcodes and Biometrics? (Part 2 of 2)


What's the Deal with Mobile Device Passcodes and Biometrics? (Part 1 of 2)

By Lee Neely Introduction Mobile device administrators and end users need to be more cognizant of the risks of allowing unauthorized access to their smartphones and take steps to raise the bar on accessing those devices to mitigate those risks. This is part one of two articles on securing mobile device access. In this article, … Continue reading What's the Deal with Mobile Device Passcodes and Biometrics? (Part 1 of 2)


Ever Crack a Password using a Cisco Device?*

[Editor's Note: Here's a short but sweet article by Tim Medin on using Cisco IOS's own capabilities for decoding Type 7 passwords. Now, you might think — "Why don't I just use one of the conversion websites on the Internet for decoding that?" Or, "I know a free downloadable hacker tool that does just that." … Continue reading Ever Crack a Password using a Cisco Device?*


SMB Relay Demystified and NTLMv2 Pwnage with Python

By Mark Baggett [Editor's Note: In this _excellent_ article, Mark Baggett explains in detail how the very powerful SMBRelay attack works and offers tips for how penetration testers can operationalize around it. And, best yet, about 2/3rds of the way in, Mark shows how you can use a Python module to perform these attacks in … Continue reading SMB Relay Demystified and NTLMv2 Pwnage with Python