SANS InfoSec Reading Room - Penetration Testing
Most of the computer security white papers in the Reading Room have been written by students seeking GIAC certification to fulfill part of their certification requirements and are provided by SANS as a resource to benefit the security community at large. SANS attempts to ensure the accuracy of information, but papers are published "as is". Errors or inconsistencies may exist or may be introduced over time as material becomes dated. If you suspect a serious error, please contact
webmaster@sans.org.
Featuring 16 papers as of Nov 8, 2009
Why Crack When You Can Pass the Hash?
- By: Christopher Hummel (posted on November 3, 2009)
While the concept of passing a Windows password hash has been around for some time, the release of publicly available tools has taken the first major step towards harnessing the true power of this attack. Although such tools have not yet targeted Microsoft's implementation of Kerberos, all organizations are strongly encouraged to move towards pure Kerberos deployments in preparation for PKI integration. The evolving nature of this attack puts pressure on the validity of passwords as an identifier, requiring organizations to use an alternate credential form such as digital certificates.
A Fuzzing Approach to Credentials Discovery using Burp Intruder
- By: Karl Dawson (posted on October 29, 2009)
A general overview of the components of Burp that are used to crack a password, followed by an analysis of usernames, a step that is often overlooked in the rush to crack a password.
Stack Based Overflows: Detect & Exploit
- By: Morton Christiansen (posted on November 6, 2007)
Buffer overflows remain some of the most serious and widespread vulnerabilities that exist, often giving an attacker complete control over the compromised system. Thus, in-depth knowledge of how these vulnerabilities and exploits work is of utmost importance to penetration testers and incident handlers. This report provides the reader with a basic understanding of how stack-based overflows work in practice, illustrated while uncovering new vulnerabilities in the latest version of Windows XP.
War Dialing
- By: Michael Gunn (posted on January 18, 2007)
This paper will give the reader general information on war dialing, war dialing tools and general steps you can take to protect your network from unwanted intruders who may try to gain access to your network via unauthorized or poorly managed modems.
Penetration Testing: The Third Party Hacker
- By: Pieter Danhieux (posted on May 17, 2006)
This paper is intended to help managers decide on a penetration testing firm by providing them with some essential points of attention and critical questions to ask the prospective service providers.
Guidelines for Developing Penetration Rules of Behavior
- By: Nancy Simpson (posted on October 31, 2003)
This paper examines how, if planned and executed appropriately, penetration testing can be a very useful tool for determining the current security posture of an organization.
Security Life Cycle - 1. DIY Assessment
- By: Lee Wan Wai (posted on October 31, 2003)
This paper describes a simplified and comprehensive way to accomplish vulnerability assessment, one phase of the Security Life Cycle.
Instruments of the Information Security Trade
- By: Mark Graff (posted on October 31, 2003)
This paper examines how penetration testing, if done properly, will benefit your organization's information security.
Finding dsniff on Your Network
- By: Richard Duffy (posted on October 31, 2003)
This paper covers some ways to detect dsniff and two of its utilities, arpspoof and macof, on a network.
A Model for Peer Vulnerability Assessment
- By: Patricia Payne (posted on October 31, 2003)
This paper proposes a model for ongoing assessment to be performed by the system administrators that includes testing and assessment in a non-threatening environment that provides added value of education for those performing the assessments.
Penetration Testing - Is it right for you?
- By: Jimmy Braden (posted on October 31, 2003)
This paper will review the steps involved in preparing for and performing a penetration test.
Penetration 101 - Introduction to becoming a Penetration Tester
- By: Dave Burrows (posted on October 31, 2003)
The purpose of this paper is to give you a brief and basic overview of what to look for when starting out in penetration testing and to build up an internal penetration test kit to aid you in performing both internal and external penetration tests on your company network. It also aims to make you aware of the problems with new network technology, such as wireless networks and remote access devices, that can circumvent network perimeter security devices like firewalls and IDS.
Penetration Studies - A Technical Overview
- By: Timothy Layton (posted on October 31, 2003)
This paper builds on Jessica Lowery's research paper, Penetration Testing: The Third Party Hacker, by drilling down on some of the most common tools and applications used to perform penetration tests. This paper is divided into two parts: "Tools of the Trade" that identifies various tools for penetration testing and the second part is the technical breakdown and "how-to" of reconnaissance, scanning, and vulnerability testing.
Battle for the Internet: The War is On!
- By: Kevin J. Owens (posted on October 31, 2003)
There is a battle raging between security professionals and hackers. By placing people into the shoes of a hacker, and teaching them the skills to gain access to a system, one is better able to defend against them.
An Overview of Remote Operating System Fingerprinting
- By: Chris Trowbridge (posted on October 31, 2003)
This paper presents an overview of the various approaches to OS fingerprinting, some current tools available on the Internet together with their features, the underlying techniques they use, and suggestions for defeating these tools.
Scanning Windows Deeper With the Nmap Scanning Engine
- By: Ron Bowes (posted on )
This paper will look at how SMB and Microsoft RPC services work, how the Nmap scripts take advantage of the services, what checks the scripts are able to do, and what can be done to prevent them.