This webinar will define and explain common penetration test offerings in detail, outline the key differences and benefits, and help you decide which engagement type is the best fit for your organization.
The part where hashcat does a ton of heavy lifting.
In the last post, I discussed how some simple character conversion and inferences about human behavior revealed some harrowing elements of how humans create and use passwords.
In this post, I’ll be diving into how this information can be leveraged technically. The goal is to use the information gathered about password patterns […]
The things that go through a security professional’s head during a regular doctor’s visit, why they matter to the healthcare industry, and why they should matter to you.
Healthcare organizations are the stewards of troves of very private and personal information.
Or: how I learned to stop worrying and love AWS GPU clusters.
Passwords are terrible.
And I don’t mean just your Netflix password or your home Wi-Fi password. I’m talking about passwords as […]
A classic view into some of the tools used by pentesters at risk3sixty.
How to progress toward a truly secure organization and infrastructure after penetration testing.
You did it – you paid for penetration testing services.
Whether it was to fulfill a potential client’s request, satisfy your interest, or comply with some framework, you tested the mettle of your environment against white-hat hackers and came out the other side, report in hand and next steps […]
And how they are still relevant today.
On a warm, sunny day in July 2017, one of the world’s most catastrophic and rampant demonstrations of ransomware began. Commonly referred to as NotPetya, the infection was released from a compromised software company located in Ukraine and quickly spread across the world. The outbreak impacted companies such as DHL, Mondelez International, and […]
Global research and advisory firm Gartner forecasts that information security spending will exceed $124 billion in 2019, yet cyber defenses continue to fail. Organizations large and small continue to experience breaches of all varieties resulting from zero-day exploits, failures in vulnerability patching, and phishing.
The market has responded with a variety of security governance and control frameworks including CIS 20, ISO 27001, […]
How to keep the keys to the kingdom from escaping the kingdom.
Proper password management is a huge step that an organization can take to strengthen security. It also addresses multiple criteria for all the major security frameworks. For example, see the following from ISO 27001 and SOC 2 as of the date of this writing:
ISO 27001 A9.4.2: Where required by the access […]
Why the Internet of Things is a penetration tester’s most valuable asset.
As technology moves at a seemingly exponential rate of growth and changes every day, more and more devices are being developed to contain additional “customer-savvy” features. Collectively termed the Internet of Things (IoT), this new wave of technology is vast. Where historically a system in question would be a server […]