SANS Penetration Testing: Tag - nmap

Web Application Scanning Automation

Some functions within penetration testing can be mundane and repetitive. To feed some life into these parts of the test, it can be fun and challenging to develop an automation script for these elements of an assessment. Furthermore, automating parts of a penetration test can help the output to be more consistent, reproducible, rigorous, and … Continue reading Web Application Scanning Automation


A Penetration Tester's Pledge

by Ed Skoudis Over the weekend, I was thinking about the wonderful psexec capabilities of tools like Metasploit, the Nmap Scripting engine smb-psexec script, and the psexec tool itself from Microsoft Sysinternals. It's my go-to exploit on Windows targets, once I have gained SMB access and admin credentials (username and password, or username and hash … Continue reading A Penetration Tester's Pledge