SANS Penetration Testing

Pen Test Poster: "White Board" - PowerShell - Built-in Port Scanner!

By Matthew Toussain, Grant Curell

Introduction

NMAP is an ideal choice for port scanning, but sometimes it may not be a feasible option. Other times a quick check to see if a port is open might be all the detail needed. In these scenarios PowerShell really shines. Let's examine methods to use PowerShell for …


Pen Test Poster: "White Board" - PowerShell - Add a Firewall Rule

By Matthew Toussain, Grant Curell

In many lab and training environments firewalls are disabled to facilitate the learning experience. As part of live pentests, however, bypassing and manipulating firewalls is all in a day's work. The Windows firewall is the most common packet filtering hurdle encountered today. While it is not necessarily the most robust …


Pen Test Poster: "White Board" - Bash - Find Juicy Stuff in the File System

By Matthew Toussain, Geoff Pamerleau

Pilfering data is a post-exploitation phase that rarely receives enough credit. As pentesters, the way we demonstrate security risk and the way we escalate our attacks to a new level is based entirely on what we find after the compromise is realized. While manually driving the command line from directory …


Pen Test Poster: "White Board" - Bash - Sudo... Make Me a Sandwich

By Matthew Toussain, Geoff Pamerleau

The other day, while working on setting up a new virtual machine for testing purposes, I ran the following command to get my networking configured: ifconfig enp0s8 down, only to be greeted with the following: GAH! Why do I need root privileges to bring up or down …


Pen Test Poster: "White Board" - CMD.exe - C:\> wmic process

By Matthew Toussain, Grant Curell

If Windows Management Instrumentation (WMI) is the Matrix, then its console (WMIC) is Neo. WMI is the Microsoft variant of Web Based Enterprise Management (WBEM) and the Common Information Model (CIM). Essentially, it forms the connective tissue that defines application-specific characteristics to enable cohesive interactivity between systems from …