SANS Penetration Testing

Dealing with the Many Stages of Pen Test Result Grief - Part 2

By Ed Skoudis

In this series of articles, we're looking at some of the grief that penetration testers often encounter when they deliver their results and recommendations. Our premise? You, a great pen tester, work your tail off to conduct a wonderful, high-value, technically awesome pen test. The result? Target system personnel vomit all over …


Sneaky Stealthy SU in (Web) Shells

[In this article, the inimitable Tim Medin has some fun with PHP web shells, and merges together some clever ideas for interacting with them in a rather stealthier fashion using some Python kung fu! -Ed.]

By: Tim Medin

Here is the scenario: you have a server that allows you to upload an avatar. The site …


Pen Testing Payment Terminals: A Step-by-Step How-To Guide

[Editor's Note: Here is a super useful how-to guide for penetration testing payment terminals by Miika Turkia. Given recent breach news headlines, payment terminals are getting much more security scrutiny. Bad guys are exploiting and undermining them, so we as penetration testers need skills to be able to properly evaluate the security stance of these …


Five Things Every Pen Tester Should Know About Working with Lawyers

[Editor's Note: Here is a great article by John Strand about a topic that is sometimes difficult for pen testers: interacting with lawyers. But, John engages the topic in his signature fun, quirky, and highly informative way that provides practical insights into how to keep yourself safe and legal when dealing with some sticky issues …


My Juiced Up WiFi Pineapple Configurator Script

By Chris Crowley

I recently acquired a WiFi Pineapple Mark V to replace my Mark IV, and I've got a config script to help folks simplify the config and use of this amazing product. For those of you unfamiliar with the WiFi Pineapple, it is a wireless attack platform in a box, excellent for penetration …