Clickbait: Owning SSL via Heartbleed, POODLE, and Superfish

In the twilight of SSL's effectiveness as a method of secure communication,demonstration of associated risk should be a vital portion of modern penetration testing. While SSL is broken, practical exploitation by security analysts is a confusing process. A holistic analysis of the Secure Socket...

By

December 23, 2015

All papers are copyrighted. No re-posting of papers is permitted

Related Content

HackFest Hollywood 340x340.png

Offensive Operations, Pen Testing, and Red Teaming

October 28, 2024

A Visual Summary of SANS HackFest Hollywood Summit 2024

SANS Hollywood HackFest Summit - Check out these graphic recordings of the talks created in real-time.

Offensive Operations, Pen Testing, and Red Teaming

August 21, 2017

Pen Test Poster: "White Board" - Bash - Website Cloner

According to Verizon's 2016 Data Breach Investigations Report 30 percent of phishing messages get opened by targeted users and 12 percent of those users click on the malicious attachment or link. That means, on average, every 4 phished users should (statistically) yield one click. Developing a...

Offensive Operations, Pen Testing, and Red Teaming

February 21, 2017

Pen Test Poster: "White Board" - Bash - Check Service Every Second

If you've had the opportunity to take SANS 560, Network Penetration Testing and Ethical Hacking, chances are you were exposed to the Pentester's Pledge. The pledge, for those who aren't familiar is: "I , do hereby pledge to use psexec to exploit Windows target machines after I have gained admin...