Cyber Security Awareness and Vulnerabilities Blog

Use Multifactor Authentication in Your Self-Service Password Reset

Nov 22, 2022
The Problem with Security Questions: Whether it’s an IT admin helping an employee gain access to their accounts or an employee attempting to change their password, authentication is required to prove that the person attempting to perform that action is indeed who they say they are. In the past, many teams have felt comfortable relying solely on the use of security questions to carry out that authentication. However, this approach has its shortcomings:

Active Directory Attack Scenarios Part 3: Deserializing Your Way In

Nov 8, 2022
In this series focusing on Active Directory attacks, we’re running through four different scenarios based on real penetration testing engagements that demonstrate the variety of techniques and tactics that can be used to compromise

Active Directory Attack Scenarios Part 2: Going Beyond Domain Admin

Nov 4, 2022
In this series focusing on Active Directory attacks, we’re running through four different scenarios based on real penetration testing engagements that demonstrate the variety of techniques and tactics that can be used to compromise

How Offensive Security Enhances Visibility Into Potential Threats

Oct 18, 2022
Prior to launching a targeted attack against an organization, threat actors conduct thorough reconnaissance missions, gathering intelligence on employees, the infrastructure, and more. They want to know every possible inch of the attack surface to find every potential exposure before they make their move, using an array of tools and tactics to exploit vulnerable infrastructure.

Active Directory Attack Scenarios: The Path from Printer to Domain Admin

Sep 22, 2022
Active Directory is an essential application within an organization, facilitating and centralizing network management through domain, user, and object creation, as well as authentication and authorization of users. Active Directory also serves as a database, storing usernames, passwords, permissions, and more. Active Directory is a perfect example of a technological double-edged sword. While such a centralized application can streamline IT operations, it does also make for an irresistible target for attackers.

Intelligence Gathering - The Foundation of a Good Penetration Test

Sep 19, 2022
Penetration testing is more than a bunch of ex-hackers in hoodies attempting to break into an organization that hired them. It is a carefully planned and organized engagement that probes and tests a defined piece of an organization's IT infrastructure for potential flaws. Without good intelligence to work from, testers cannot efficiently conduct their attacks, leaving potentially unidentified gaps in an organization’s defense. 

4 Steps to Take Following a Pen Test

Aug 3, 2022
Congratulations! You’ve just completed a penetration test. So what now? 

Going on the Offensive: Federal Agencies Must Move from a Reactive to Proactive Security Approach

Jul 27, 2022
Modern threat actors and the condition of today’s threat landscape are forcing the collective hand of cybersecurity to go on the offensive -- and federal agencies are no exception. As cyber attackers grow increasingly adept at identifying and exploiting infrastructure weaknesses, they will opt for the path of least resistance. Therefore, agencies with a security posture that goes beyond traditional cyber defenses will fall farther down the list of attack targets -- but they will still be targeted. 

Core Impact Helps Secure PCI DSS v4.0 Requirement 11

Jul 26, 2022
The Payment Card Industry Data Security Standard (

Core Impact Updates: Python Agents and OWASP Top 10

Jul 11, 2022
Though we have a new release planned for later this year, we’ve made some updates to Core Impact that we just couldn’t wait to release and share! First, we have a new agent written in Python to expand its use to different environments and further enhance its flexibility. Additionally, we’re staying on top of the latest threats by updating to the latest OWASP Top 10 list, making web application tests even more effective.

Are You Ready for a Penetration Test?

May 26, 2022
The phrase “you’ve got to walk before you can run” is something that we’ve all heard and rolled our eyes at least once in our lives after we’ve attempted an advanced skill before mastering the basics. The saying is unfortunately very accurate when it comes to cybersecurity.

Core Impact Introduces Ransomware Simulation

May 16, 2022
Once upon a time, it was often necessary to define the term “ransomware” as it was frequently met with questioning looks and the need for clarification. Nowadays, you can hardly go a day without hearing about some sort of attack. What has made ransomware such a pervasive threat, and how can organizations learn to better protect themselves?

What is OWASP?

May 3, 2022
The cybersecurity world has so many acronyms, and yet we pretend to know what all of them are. However, there are many occasions that leave us wracking our brains, trying to remember what one stands for. Is it a product? An organization? A process? One acronym that everyone should know is OWASP—the Open Web Application Security Project.

Overcome These 3 Challenges to Achieve SIEM Success

May 3, 2022
Security Information and Event Management (SIEM) solutions can take much of the tedium and guesswork out of monitoring, managing, and prioritizing critical security events. That’s why increasing numbers of cybersecurity professionals are embracing SIEM. 

The Importance of Penetration Testing for Cloud Infrastructures

Apr 7, 2022
With cybersecurity threats perpetually looming, many organizations have come to rely on penetration testing to assess their security stance and uncover weaknesses. According to the 2022 Pen Testing Report, 85% of respondents reported they pen test at least once a year.

Pen Testing in Different Environments

Apr 7, 2022
As security threats persist, cybersecurity professionals are increasingly relying on penetration testing to uncover weaknesses and assess their security stance. According to the 2022 Pen Testing Report, 96% of respondents reported pen testing was at least somewhat important to their security posture.

Why It’s Not Core Impact vs. Cobalt Strike

Mar 15, 2022
Making a decision on a new cybersecurity tool is never easy—particularly when it’s unclear how rival products compare. It’s tempting to simply type “product vs. product” into Google and see if one stands out as the clear favorite. However, sometimes you can find that two products have been mistakenly grouped together and aren’t actually in competition, but rather, they are in separate categories.

Incorporating New Tools into Core Impact

Feb 21, 2022
Core Impact has further enhanced the pen testing process with the introduction of two new modules.

4 Ways to Use SIEM for SMB

Feb 8, 2022
Security Information and Event Management (SIEM) solutions are often seen as a necessity only for large enterprises with massive environments to monitor for security threats. While this may have been true over a decade ago, in the early days of SIEM, organizational IT infrastructures have since become increasingly multifaceted, and the threat landscape continues to evolve.

The New Normal in Cybersecurity: Exploring the Top Three 2022 Predictions

Jan 4, 2022
In The New Normal in Cybersecurity Part 1, we examined three leading trends in the cybersecurity community over the past year. In this installment, we will take a look into the future and make predictions about where the cybersecurity landscape is potentially headed in 2022 and beyond.

The New Normal in Cybersecurity: Examining the Top Three 2021 Trends

Jan 4, 2022
The past year has shown organizations that uncertainty and a transformed reality are the new normal in business. While remote work was intended as a temporary response to the global pandemic, it is now considered a regular part of the business environment—fundamentally altering the way companies operate. This means organizations have had to respond in real-time to shift their cybersecurity strategies and keep up with an expanding IT infrastructure, the explosion of IoT devices, and a new wave of threats from more sophisticated attackers.

What is the MITRE ATT&CK® Framework?

Dec 6, 2021
The MITRE ATT&CK Framework was created in 2013 as a comprehensive document of the tactics, techniques, and procedures that cyber attackers were regularly using to breach the defenses of individuals and organizations. Since then, it has grown to be a global knowledge base that has helped to standardize defensive security and remains accessible to all security professionals.

Reflections on Ekoparty 2021

Nov 30, 2021
Ekoparty began as an underground hacking event, but has grown into one of the foremost cybersecurity conferences in Latin America. This year was the 20th anniversary of the incredible infosec event, which takes place every year in Buenos Aires. In order to discover insights from this year’s conference, we talked with two experts from Core Security who attended, and also served as trainers at the Hackademy portion of the event.

Core Impact 21.2: Incorporating the MITRE ATT&CK™ Framework and Attack Map Enhancements

Nov 29, 2021
The latest release of Core Impact has arrived! Version 21.2 underscores our alignment with the cybersecurity community, incorporating the MITRE ATT&CK™ framework to provide further insights into security weaknesses. We’ve also added additional features to Core Impact’s attack map, making the penetration testing process even more intuitive.

Five Critical Access Risks You Should Find Before an Audit Does

Nov 18, 2021
Like a lot of organizations today, your company is facing increasing demands to support and protect countless systems, applications, and platforms that contain sensitive business data by controlling access to this critical information. On top of this, you are pressured to meet ongoing regulatory compliance and industry mandates.