SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals

Experience SANS training through course previews.
Learn MoreLet us help.
Contact usBecome a member for instant access to our free resources.
Sign UpWe're here to help.
Contact UsWhen conducting a web application penetration test there are times when you want to be able to pivot through a system to which you have gained access, to other systems in order to continue testing. There are many channels that can be used as avenues for pivoting. This paper examines five commonly used channels for pivoting: Netcat relays, SSH local port forwarding, SSH dynamic port forwarding (SOCKS proxy), Meterpreter sessions. and Ncat HTTP proxy; within the context of using them with key tools in the penetration tester's arsenal including: Nmap, the Burp Suite, w3af, Nikto, Iceweasel, and Metasploit.