Home/Asher Andree

About Asher Andree

Analyst & Pentester @ risk3sixty. Fascinated with anything related to Offensive Security, Penetration Testing, or Red Teaming.

A Red Teamer’s Trip to the Doctor

The things that go through a security professional’s head during a regular doctor's visit, why they matter to the healthcare industry, and why they should matter to you. Healthcare organizations are the stewards of troves of very private and personal information. This makes them high-value targets of all sorts of attacks from malicious parties. Additionally, national regulations such as HIPAA call [...]

By |2020-04-12T17:49:23+00:00April 13th, 2020|Penetration Testing, Regulatory Compliance|1 Comment

Sudo: Its History and How to Abuse It

A quick explanation of one of the most influential and misconfigured computing utilities. A classic view into some of the tools use by pentesters at risk3sixty. You’re a hacker.   Okay, maybe you aren’t, but let’s say you are. You finally got into a server you’ve been attacking for weeks, but you’re stuck. The credentials you logged in with [...]

By |2020-01-24T14:00:12+00:00January 27th, 2020|CISO Discussions, Penetration Testing|0 Comments

Past to Present – Lessons From the NotPetya Ransomware

And how they are still relevant today. On a warm, sunny day in July 2017, one of the world’s most catastrophic and rampant demonstrations of ransomware began. Commonly referred to as NotPetya, the infection was released from a compromised software company located in Ukraine and quickly spread across the world. The outbreak impacted companies such as DHL, Mondelez International, and Maersk [...]

By |2020-01-23T19:22:30+00:00November 25th, 2019|Cyber Risk Management, Penetration Testing|1 Comment

If It Can Talk to Networks, It Can Walk Across Them

Why the Internet of Things is a penetration tester’s most valuable asset. As technology moves at a seemingly exponential rate of growth and changes every day, more and more devices are being developed to contain additional “customer-savvy” features. Collectively termed the Internet of Things (IoT), this new wave of technology is vast. Where historically a system in question would be a [...]

By |2020-01-17T21:16:57+00:00October 21st, 2019|Cyber Risk Management, Penetration Testing|0 Comments