PenTest Magazine: Penetration Testing in the Cloud

In February 2016, PenTest Magazine’s issue was dedicated to “Cloud Pen testing”. This special edition featured an article by Stern Security’s Founder, Jon Sternstein. Here is an excerpt from the article:

A pair of eyes intently stares at the computer screen while ten fingers are furiously typing on the keyboard. The penetration tester smiles as he finds the “file upload” component of the credit union’s online banking web application. The application allows a client to upload a custom image for their credit card. Unfortunately for the credit union, they use client side checks to confirm the uploaded file is a picture file. “Reverse shell uploaded!” the pen tester says to himself as he bypasses the client side checks and uploads a reverse shell. “Now, let’s access the shell…” He browses to the upload location and waits for the shell to appear on his Kali machine.

The magazine can be purchased here:

https://pentestmag.com/product/pentest-cloud-pentesting/