SANS Penetration Testing

EQL Threat Hunting

Authored by Joshua Wright | josh@willhackforsushi.com The Event Query Language (EQL) is a standardized query language (similar to SQL) to evaluate Windows events. Written by Russ Wolf, EQL is an amazing tool to normalize Windows log events for consistent access and query. In practice, EQL is most effective when working with Windows Event Log and Sysmon logging data as part of …


Parsing Zeek JSON Logs with JQ

Authored by Joshua Wright | josh@willhackforsushi.com JSON has become an increasingly important file format in many areas: as a computer programming data source, as a flexible data structure for engineering projects, and as a logging format for many enterprise security tools. To work effectively with JSON data, we need a tool that parses and extracts …


Why is SANS HackFest 2019 so offensive

SANS Pen Test HackFest 2019 is just two weeks away. If you've never been to our HackFest, you are missing out! We've put everything we have into building a unique, fun, mind-expanding educational experience for the info sec community.


Tips for Creating a Strong Cybersecurity Assessment Report

Learn how to write a strong report as part of your penetration test, vulnerability assessment, or an information security audit.


Web Application Scanning Automation

Some functions within penetration testing can be mundane and repetitive. To feed some life into these parts of the test, it can be fun and challenging to develop an automation script for these elements of an assessment. Furthermore, automating parts of a penetration test can help the output to be more consistent, reproducible, rigorous, and …