SANS Penetration Testing

Go To The Head Of The Class: LD_PRELOAD For The Win

By Jeff McJunkin

Imagine a Linux binary compiled from the following source:

    #include <stdio.h>
    #include <unistd.h>

    int main() {
        int duration = 15 * 1000 * 1000; /* microseconds are hard */
        printf("Starting, please wait...");
        usleep(duration);
        printf(" Done!\nThe program started up or whatever.\n");
        return 0;
    }

Now, dear readers, what if we wanted the program to …


Why You Need the Skills to Tinker with Publicly Released Exploit Code

By Chris Davis

If you are a security enthusiast, like me, then you likely find yourself tinkering with exploit code for most of the major vulnerabilities that are released. This "tinkering" can be incredibly valuable to security researchers, blue teamers, and especially penetration testers. In fact, I frequently find myself modifying and testing public exploit …


Understanding and Exploiting Web-based LDAP

By Chris Davis

Enterprises frequently contain Active Directory environments to manage domain objects like users, organizations, departments, computers, and printers. Combine this with an increase in custom web applications and organizations naturally desire to integrate these two technologies together. This integration is an excellent way to create centralized authentication to their domain but also provides a method to …


SCAPY Full Duplex Stream Reassembly

I recently had someone ask me how you can have scapy reassemble full duplex packets for you. That is what Wireshark does when you ask it to "Follow TCP Stream". In SANS SEC573: Automating Information Security with Python we discuss how to use scapy's native session reassembly capabilities, but its default behavior is to …


SQLMAP Tamper Scripts for The Win

During a recent penetration test BURP Suite identified some blind SQL Injection vulnerabilities in a target website. Pointing SQLMAP at the website showed us no love and simply said it was unable to exploit the website. I had mentioned the SQLi issues to the customer and he said that previous penetration testers said they …