Cатсн²² (in)sесuяitу / ChrisJohnRiley

SANS Web App Penetration Testing and Ethical Hacking Class – DAY 4

DAY 4:

Today was a long day… my hint for a SANS conference in Europe, is never going drinking with Terry Neal. No, seriously, save yourself before it’s too late 😉 Still, it’s amazing what you can accomplish on 4 hours of sleep.

Today was finally the Exploitation day… and as we know exploitation is always the fun part (insert evil laugh here). The coverage of a WordPress vulnerability from last year was interesting, but needed a little bit more in-depth explanation of how it functions. Due to the limitation of the class running time though, I think that wasn’t really a possibility. Still, consider it as homework 😉 Although this was a lab designed to cover blind SQL injection, the use of a pre-written script for the lab was a little disappointing. I’d like to have seen something with SQLBF or SQLmap personally.

The section on advanced script injection covered a lot of what I came to the course for. If I had a choice the whole 4 days would have been at this level. At the very end of the day we looked at a couple of exploitation frameworks (Attack API, BeEF and XSS Proxy). I’ve not had a chance to play with these much before, so it was good to get some hands-on time with the tool. Although I would have liked to look more at the Atack API setup and configuration. BeEF looks good, but lacks some functions that would improve the functionality. Given the chance I’ll write up some modules to fill the gap.

Overall the course was enjoyable, although a little basic for people already doing web-app testing on a regular basis. I’m looking forward to seeing how the SEC:542 course changes when it goes 6 days (see next years conference lists). I’m expecting something special from the InGuardian guys.