SANS Penetration Testing

Announcing: the ULTIMATE SANS Pen Test Poster!

by Ed Skoudis

I am super excited to announce the release of our brand-new SANS Ultimate Pen Test Poster! Three months in the making, this poster is chock full of tips, tricks, ideas, tools, resources, references, practice environments, and much much more, all focused on helping penetration testers and related security professionals excel in their work. Behold Side 1 of the poster:

The Ultimate Pen Test Poster: Side 1

Side 1 of the poster (above) includes the following items:

  • An awesome mind map by Aman Hardikar .M, which lists over 100 free penetration testing practice environments including downloadable distributions, capture the flag environments, and "hack this site" style web sites. This is a printed version of the incredibly useful mind map which Aman offers here. A special thanks to Aman for letting us reprint and distribute his incredible work.
  • A description of the SANS Pen Test Coins, describing how you win them in courses such as SANS SEC 504, 560, 660, 575, 542, 642, 617, and NetWars, as well as the customized ciphers included on each coin designed for you to crack.
  • A description of our upcoming penetration testing event called The SANS Pen Test Hackfest Summit and Training Event, which will feature four nights of NetWars, an evening of CyberCity missions hands-on, and a chance to win up to four SANS Pen Test Coins. Please do check out that event and register! It's gonna rock.
  • A description of the SANS Pen Test Curriculum, including each course we offer to help penetration testers master their trade and build their skills.

That's all well and good, but the BEST part of the new poster is Side 2. Check. This. Out:

The Ultimate Pen Test Poster: Side 2

Side 2 of the poster is split into the different types of penetration testing work we all do. For each type of pen test, we provide a list of must-have tools, describing what each one does and how you can use it. We also include tips and tricks for maximizing your effectiveness in that particular arena, with ideas for applying a high-quality methodology in your work. And, the poster provides a set of web sites and twitter feeds for staying current in each and every one of its topic areas. These sections were written by some of the best penetration testers, instructors, and security researchers I've ever met, and I'm thankful for their input. The sections include:

  • Network Penetration Testing by John Strand
  • Exploit Development by Steve Sims
  • Mobile Device Penetration Testing by Josh Wright
  • Wireless Penetration Testing by Larry Pesce
  • Web App Penetration Testing by Kevin Johnson

I also wrote a section on pulling it all together, integrating the results from different parts of your penetration test by using collaboration and analysis tools and ensuring that your results are high quality, repeatable, and understandable.

Note also that the back of the poster is built up from little building blocks, just like a really good penetration test. I think these multi-colored, interlocking building blocks give the poster a cool look and whimsical tone, while keeping it professional so you can hang the poster in your office with pride.

So, how do you get a poster? Well, you can click on the links above to download them. For a printed copy, if you are at SANSFIRE this week in Washington DC, we have passed them out in each of the penetration testing courses. If you are at SANS FIRE and didn't get one, ask me or another pen test instructor for one, and we'll gladly hand one to you. Also, tonight at the SANS NetWars event at SANSFIRE, we'll have some posters for you.

Furthermore, the posters are being included in the SANS postal mailing of upcoming big brochures. If you receive SANS brochures in the mail, be on the lookout for one with the Pen Test Poster. I've heard some people started receiving them this week already. It'll be bundled with the brochure, so look carefully, and don't throw it away. :)

And, finally, if you come to an upcoming SANS course on penetration testing in the next couple of months, we'll make sure to have posters ready and available for you.

Thanks for reading, and I hope you enjoy the posters. Again, a special thanks to all the contributors to the poster for their hard work.

-Ed Skoudis
SANS Penetration Testing Curriculum Lead
Founder, Counter Hack

19 Comments

Posted June 20, 2013 at 12:37 PM | Permalink | Reply

Craig

Are the challenge coins physical objects or virtual coins?

Posted June 20, 2013 at 1:06 PM | Permalink | Reply

Ricky Rickard

How do you sign up to receive the brochures?

Posted June 21, 2013 at 10:14 AM | Permalink | Reply

Ed Skoudis

The coins are physical objects. They are indeed literal challenge coins, with a challenge (cipher) on every one. I think you'll like them a lot.

Posted June 21, 2013 at 10:16 AM | Permalink | Reply

Ed Skoudis

To get brochures in the mail, you need to sign up for a SANS portal account at https://www.sans.org/account/login. Then, create a new account. In your account settings, you can request mailings. Hope this helps!

Posted July 30, 2013 at 5:03 AM | Permalink | Reply

CJ

where can I get a poster for myself?

Posted July 30, 2013 at 9:30 AM | Permalink | Reply

Ed Skoudis

CJ ''" if you come to a SANS conference, let me know in advance, and I'll make sure they have one for you. Or, if you are going to BlackHat or DEF CON this week, find me, and I'll give you one (I'm bringing some to hand out). If you are neither going to SANS or BH/DEFCON, e-mail me, and we'll arrange to have one shipped to you.
Thanks!
''"Ed Skoudis.

Posted September 9, 2013 at 10:51 AM | Permalink | Reply

Robul Islam

Awesome, i to appreciate about this blog''''..:)
http://cybersecurityinc.com/vulnerability-assessment/

Posted September 11, 2013 at 4:13 AM | Permalink | Reply

JasonR

Ed,
I'd like a poster as well. Can I arrange to have one sent to me as I already used my allotted SANS training this year?
-Jason R.

Posted December 21, 2013 at 4:40 PM | Permalink | Reply

Otis Wilson

Ed,
Excellent poster. I am a senior software project lead for Lockheed Martin, and am on travel to New York. A fellow LM project lead attended on of your conferences and was totally impressed. I would like to get a poster to work with our application projects.

Posted January 3, 2014 at 2:38 PM | Permalink | Reply

anonymous

Looks great'' is there any way to order a printed copy? Thanks!!

Posted February 18, 2014 at 9:38 PM | Permalink | Reply

BRETT KNUTH

how can I get a digital copy of the SANS Ultimate Pen Test Poster

Posted February 18, 2014 at 9:54 PM | Permalink | Reply

Ed Skoudis

Brett ''" feel free to click on the images above for a zoom-able digital view. I hope that meets your needs. If not, let me know. Thanks! ''"Ed.

Posted March 16, 2014 at 4:36 AM | Permalink | Reply

Joseph Krebs

This is an awesome poster.
Is there a way to order a printed copy?
Thanks.

Posted June 3, 2014 at 4:25 PM | Permalink | Reply

Maher

how can I get a digital copy of the SANS Ultimate Pen Test Poster
can you send it to me think's

Posted March 27, 2014 at 11:02 PM | Permalink | Reply

Javier

Hi,
I would like to get also a digital copy of the SANS Ultimate Pen Test Poster''
BR

Posted June 3, 2014 at 8:25 PM | Permalink | Reply

Ed Skoudis

Javier ''" if you click on the images above, you can get the largest size digital version we have available in PDF format.

Posted September 15, 2014 at 8:02 PM | Permalink | Reply

Cell

I am currently taking 560 and would like to get a copy of the ultimate pen test poster for my workcenter. How would I go about doing that? Thanks.

Posted September 15, 2014 at 8:06 PM | Permalink | Reply

Ed Skoudis

Cell ''" shoot me an e-mail, and we'll hook you up. Thanks!

Posted October 30, 2014 at 6:21 PM | Permalink | Reply

Walt

Working on an upcoming cyber exercise and this poster would help out. How can I get a printed copy? Thanks.

Post a Comment






Captcha


* Indicates a required field.