SANS Penetration Testing

Got Meterpreter? PivotPowPY!

by Cliff Janzen My how time flies. It seems like only yesterday I wrote the post Got Meterpreter? Pivot! (/blog/2012/04/26/got-meterpreter-pivot), but it has been four and a half years. In our industry, the only thing constant is change and Mr. Ed Skoudis gave me the opportunity to revisit this topic to see what has changed. … Continue reading Got Meterpreter? PivotPowPY!


Modern Web Application Penetration Testing Part 1, XSS and XSRF Together

By: Adrien de Beaupre I enjoy performing penetration tests, I also enjoy teaching how to do penetration testing correctly. I will be teaching SANS SEC642: Advanced Web App Penetration Testing, Ethical Hacking, and Exploitation Techniques at many events this year. This is one of the many techniques that I will be exploring in … Continue reading Modern Web Application Penetration Testing Part 1, XSS and XSRF Together


Opening a Can of Active Defense and Cyber Deception to Confuse and Frustrate Attackers

As Cybersecurity/Infosec Professionals we know that all you have to do is wait 30 seconds and someone else has been breached and two new vulnerabilities have been discovered (hypothetically of course). There are few jobs on Earth that see the constantly evolving challenges that we get the privilege to deal with. This constant state of … Continue reading Opening a Can of Active Defense and Cyber Deception to Confuse and Frustrate Attackers


Pen Test Poster: "White Board" - Bash - Make Output Easier to Read

By Matthew Toussain, Geoff Pamerleau Data! DATA!! DATA!!! So much data'' an endlessly grueling component of every information security practitioner's job description is data analysis. Often, digging through an environment for vulnerabilities or configuration flaws involves scrounging through reams of log data. It is not uncommon to find your eyes glazing over while staring at … Continue reading Pen Test Poster: "White Board" - Bash - Make Output Easier to Read


Pen Test Poster: "White Board" - Bash - Check Service Every Second

By Matthew Toussain &Geoff Pamerleau If you've had the opportunity to take SANS 560, Network Penetration Testing and Ethical Hacking, chances are you were exposed to the Pentester's Pledge. The pledge, for those who aren't familiar is: "I , do hereby pledge to use psexec to exploit Windows target machines after I have gained … Continue reading Pen Test Poster: "White Board" - Bash - Check Service Every Second