Home/Penetration Testing

The Road To Better Password Cracking (Part 2)

The part where hashcat does a ton of heavy lifting.

In the last post, I discussed how some simple character conversion and inferences about human behavior revealed some harrowing elements of how humans create and use passwords.

In this post, I’ll be diving into how this information can be leveraged technically. The goal is to use the information gathered about password patterns […]

A Red Teamer’s Trip to the Doctor

The things that go through a security professional’s head during a regular doctor’s visit, why they matter to the healthcare industry, and why they should matter to you.

Healthcare organizations are the stewards of troves of very private and personal information.

This makes them high-value targets of all sorts of attacks from malicious parties. Additionally, national regulations such as HIPAA call for

So, you got a pentest. Now what?

How to progress toward a truly secure organization and infrastructure after penetration testing.

You did it – you paid for penetration testing services.

Whether it was to fulfill a potential client’s request, satisfy your interest or to be compliant with some framework, you tested the mettle of your environment against white-hat hackers and came out the other side, report in-hand and next steps […]

Past to Present – Lessons From the NotPetya Ransomware

And how they are still relevant today.

On a warm, sunny day in July 2017, one of the world’s most catastrophic and rampant demonstrations of ransomware began. Commonly referred to as NotPetya, the infection was released from a compromised software company located in Ukraine and quickly spread across the world. The outbreak impacted companies such as DHL, Mondelez International, and […]

An Introduction to Active Defense

Global research and advisory firm, Gartner, forecasts that information security spending will exceed $124 billion in 2019, yet cyber defenses continue to fail. Organizations large and small continue to experience breaches of all varieties resulting from zero-day exploits, failures in vulnerability patching, and phishing.

The market has responded with a variety of security governance and control frameworks including CIS 20, ISO 27001, […]

Managing an Organization’s Passwords

How to keep the keys to the kingdom from escaping the kingdom.

Proper password management is a huge step that an organization can take to strengthen security. It also addresses multiple criteria for all the major security frameworks. For example, see examples from ISO 27001 and SOC 2 as of the date of this writing:

ISO 27001 A9.4.2: Where required by the access […]

If It Can Talk to Networks, It Can Walk Across Them

Why the Internet of Things is a penetration tester’s most valuable asset.

As technology moves at a seemingly exponential rate of growth and changes every day, more and more devices are being developed to contain additional “customer-savvy” features. Collectively termed the Internet of Things (IoT), this new wave of technology is vast. Where historically a system in question would be a server […]