SANS Penetration Testing: Category - Python

Pen Test Poster: "White Board" - Python - Pythonic Web Client

Downloading files from the command line is routine tasks for most security professionals. For defenders, the Windows Schedule, SIM management interfaces, Web interfaces for appliances often allow you to schedule a single command for execution. The offensive folks who exploit a command injection vulnerability often need a simple way to download and execute code in … Continue reading Pen Test Poster: "White Board" - Python - Pythonic Web Client


Pen Test Poster: "White Board" - Python - Python Reverse Shell!

In SEC573: Automating Information Security with Python, we teach defenders to build tools that root out the signs of compromise in your sea of logs and network traffic. We teach forensicators to build tools to find that crucial piece of evidence with no other tools exist. We teach penetration testers how to build a few … Continue reading Pen Test Poster: "White Board" - Python - Python Reverse Shell!


Pen Test Poster: "White Board" - Python - Pythonic Web Server

This is such a great little tip. I use this quite frequently during my day to day operations to transfer files back and forth between systems or to colleagues. This wonderful little command will start a web server and make the contents of the folder that the command is launched from available for download. I … Continue reading Pen Test Poster: "White Board" - Python - Pythonic Web Server


Pen Test Poster: "White Board" - Python - Python Debugger

I realize that this may not apply to many of the super awesome reader of the SANS blogs, but when mere mortals develop tools the first few versions often have bugs in the code. Python has a very nice debugger that is part of the standard installation called PDB. PDB, aka The Python Debugger is … Continue reading Pen Test Poster: "White Board" - Python - Python Debugger


SANS Pen Test Cheat Sheet: Python - pyWars (SEC573)

by: Mark Baggett Python skills are incredibly useful for all kinds of information security personnel, from pen testers to cyber defenders to forensics pros. With so many tools written in Python and so many Python libraries to work magic in just a few lines of code, I wrote a course (SANS SEC573) on how to … Continue reading SANS Pen Test Cheat Sheet: Python - pyWars (SEC573)