How Not to Fail at a Pen Test: Slides and Stream

Earlier this week, John Strand presented a fantastic webcast that was chock full of pen test tips.  This post contains the slides as well as a link to the streaming slides and webcast audio.

Here’s the description of the talk:

In this presentation, John and Ed will cover some key components that many penetration tests lack, including why it is important to get caught, why it is important to learn from real attackers, and how to gain access to organizations without sending a single exploit.

One of my favorite slides in the presentation is John’s concluding Code of Ethics.  Click on the image below to download all of John’s slides.

If you’d like to hear the full audio stream, you can access it here.  Click on the link, login to your free SANS Portal account, and you can see and hear the stream.

On a directly related note, we’ll be running an exciting SANS Pen Test Hackfest event in Washington DC November 13-20, throwing in pretty much everything we have to make for a fun and exciting event, including an evening of missions in CyberCity, 3 nights of NetWars, and chance to earn up to four SANS Pen Test challenge coins.  Click the image below for details on this nifty event.

Thank you!
–Ed Skoudis.


Demanding MOAR From Your Vulnerability Assessments and Pen Tests – Slides and Link

A few weeks ago, I did a presentation on Demanding MOAR from Your Vulnerability Assessments & Pen Tests.  I’d like to share the slides with you now.  The presentation is full of tips, some easy and others more complex, for providing extra value in vuln assessment and pen test work.

Here’s the official description of the talk:

You pay good money for your vulnerability assessments and penetration tests, right? But are you getting real business value from these projects? Do you ever get the sense that your assessors and pen testers are just phoning it in, checking off boxes, and not really properly helping you improve your security stance? In this lively presentation, Ed Skoudis will provide hugely valuable tips for getting the maximum business value out of your vulnerability assessments and pen tests. With specific recommendations for people procuring such projects as well as for testers themselves, this webcast is chock full of insights for effective scoping, best-of-breed methodologies, potent communications, and just plain getting the most vuln assessment and pen test bang for your buck.

Here is the slide deck, which you can flip through at your own pace.

Or, if you prefer, here’s a link to the streaming audio and slides, if you’d like to hear me presenting it.  To see and hear it, click on the link at the right, sign in to your free SANS portal account, and you’ll get access to the stream.

Hope you find it fun and useful!

–Ed Skoudis.
SANS Institute Fellow
SANS Penetration Testing Curriculum Lead
Founder, Counter Hack  


Winner Announcement: SANS Pen Test Hackfest Twitter Contest

Over the past couple of weeks, we’ve been running the SANS Pen Test Hackfest Twitter Contest.  I’m delighted to announce the winner.  The contest was simple and fun — just submit a picture of yourself via Twitter with SANS coins, SANS books, or other SANS shwag, and we’ll choose a winner at ramdom.  We’ve had some great entries… you guys are a creative group!  If you want to see them all, just do a Twitter search for the hashtag #SANSHackfest.

The winner will receive free entry to the 2-Day Summit associated with our November 13 through 20  Pen Test Hackfest training event   in Washington DC.  We throw everything we’ve got into this extra special event, including:

  • Two days of amazing,  in-depth talks  by leading minds of the industry, including the authors of some of the best pen test tools on the planet, including SET, Armitage, and more.
  • Six days of training, with  five different classes to choose from.
  • Three nights of  NetWars Tournament challenges  for hands-on fun and learning.
  • One night of  CyberCity missions, where you’ll be defending critical infrastructures against attacks, preventing city-wide mayhem.
  • Coin-a-palooza: A chance to earn up to FOUR  SANS Pen Test coins  for your collection.
  • One Super Secret Special Evening: On Nov 14, we’ll be taking a mind-blowing trip.

The prize for our new Twitter contest is free admission to the two-day session at the start of the Hackfest on Nov 13-14.  You’ll experience some great talks, learn super useful information,  participate in a NetWars evening Nov 13, and join us on the Super Secret Special Evening Nov 14.

Before announcing the winner, check out some of these awesome photos!  All the entries were really good, but these especially made us smile.

We had several people enter while partially hiding behind their SANS coins or books.

Here is a gent who was immobilized by a SANS book avalanche (a bookalanche?).

We had several folks use their SANS Pen Test coins as fashion accessories.

We even got some entries from a bonafide SANS Super Hero!!!

Other noteworthy entrants include:

Oh, and storm troopers!

And, we even got one of a donut (with a great hair cut)!

OK, so, who’s the happy winner who will be coming to the SANS Pen Test  Hackfest on Nov 13?  Consulting with our experts in randomness (at to choose a winner… Why, it’s…

Drumroll please….

Emily Gladstone Cole!!!

Congrats, Emily!  We’ll be in touch to discuss the details of your prize.

For all the other folks who entered… thank you for playing along.  It really was fun to see all your entries.  We hope you’ll consider joining us at the Hackfest as well!  It’s going to have some really incredible sessions and a lot of NetWars, CyberCity, and Coin-a-palooza fun.