Showing 6 results for: June 2012 ×Penetration Testing ×

CVSS for Penetration Test Results (Part I)

Trustwave has been adding support for the Common Vulnerability Scoring System (CVSS) in PenTest Manager, our online reporting portal used for all SpiderLabs penetration tests. While this is a great step toward better metrics for our penetration test results, the...

Metasploit => tips, tricks, hashes and tokens

Metasploit is one of the many tools that can be used during a penetration test, and it actually consists of a whole suite of tools, that forms part of a complete attacking framework. Metasploit is not the best tool for...

Using Nmap to Screenshot Web Services

As part of Trustwave SpiderLabs network penetration testing team, I perform many internal penetration tests each year. As part of those tests, we see a lot of web servers. Some of those are internal portals like Sharepoint. Others are non-production...

Introducing CryptOMG

CryptOMG is CTF-style testbed for exploiting various flaws in cryptographic implementations. Cryptography is very easy to do incorrectly, which is pretty apparent throughout the web if you know what to look for. CryptOMG will help train your eye to look...

Zap(ped) into Foca(s)

An external penetration test isn't just about the network addresses to pwn, but sometimes about the web presence that is offered to the world at large. And web presence equals web applications. As a new addition to the SpiderLabs team,...