Let’s say you’re running some tests on a service and want to use some characters that aren’t standard in your systems’ character set. How do you do that?
Two posts in one night, because I’m catching up on some backlog items. I’ve been teaching/training a team on PenTesting lately, and it’s caused me to think through some personal truths and approaches that I’ve taken for several years. While going through that process I came to realize that I’d never really formally codified them; this is my attempt to do just that. It all comes down to what I’m now going to call the “Four Three Rule of Team PenTesting”.
I made a presentation a few months ago based on a simple question I relieved… “What is all that stuff in your backpack?” I normally carry, well, more than I really need. Full list with links is below, or here’s the presentation for those who want to see it in all its original, horrible glory. Ever wonder what types of stuff I normally carry when on a pentest? Well, now you know. Enjoy!
I like to setup a few things when I’m building an image for a pentest. They’re helpers that keep me honest, because without them I’d likely forget something or miss some detail, and by establishing consistent patterns I reduce that risk. To start with, I make a consistent directory structure. For the sake of this article, let’s call it:
Next up, I generate some subfolders which are critical to my process:
Continue reading “PenTest Aliases and Setup”