Cyber Security Awareness and Vulnerabilities Blog

Image
blog article thumbnail

CISO Commentary: How Often Should You Pen Test?

Recently, Core Security released the 2024 Penetration Testing Report, which shares the results from an annual survey of cybersecurity professionals on their experiences with offensive security strategies and solutions.
Image
blog article thumbnail

Core Impact Monthly Chronicle: Exploits and Updates | May 2024

Core Impact UpdatesNew UI and Usability Improvements for Reports The Core Impact Reports have been modernized, with data reviewed to improve its actionability and user friendliness.
Image
blog article thumbnail

Weighing the Risk: The Cost of Skipping Pen Tests

Cybersecurity budgets are beginning to get cut across the country, and organizations are faced with tough choices about what should stay and what should go. As security budgets face extra scrutiny and potential cuts, it’s critical to evaluate the cost and benefits of each security practice. It can be difficult to define the value of proactive security solutions like pen testing, as a precise ROI is hard to determine. After all, how does one quantify attacks that were prevented?
Image
blog article thumbnail

Core Impact Monthly Chronicle: Exploits and Updates | April 2024

Core Impact UpdatesSMB NTLM Information Dumper This module improves the reconnaissance step for Active Directory testing, specifically gathering NTLM information using SMB/RPC protocols to prepare NTLMrelayx Man-in-the-middle attacks. Among other information, it retrieves: 
Image
blog article thumbnail

Open Source vs. Enterprise: Why Not All Exploits are Created Equal

A common tactic of attackers trying to breach an environment is to use an exploit against a known vulnerability in an application or device present in a targeted infrastructure. Exploiting a vulnerability can provide an attacker with privileges or capabilities they would not normally be granted.
Image
blog article thumbnail

Core Impact Monthly Chronicle: Exploits and Updates | March 2024

Core Impact Exploit Library Additions
Image
blog article thumbnail

Advantages of Offensive Security Vendor Consolidation

We sat down with John Stahmann, CISSP and Director of Sales Engineering for Offensive Security and Infrastructure Protection at Fortra, and asked him what he had learned after more than 20 years in the industry about the pitfalls, hacks, and little-known facts of offensive security.
Image
blog article thumbnail

Why Relay Attacks Are Still Common and How to Prevent Them

NTLM (NT Lan Manager) relay attacks are still a significant threat to the security of Windows based networks. Though it is a well-known attack method that has been around for many years, it is no less dangerous than when it first emerged. In fact, it has been an attack method that is currently popular with “aggressive” hacking groups, including the Russian APT28. These groups have successfully used relay attacks to target multiple high-value targets worldwide.
Image
blog article thumbnail

What is the Role of Purple teaming and Why is it Important?

When hashing out your offensive security strategy, it’s not all about winning – especially when you’re role-playing as the hacker.  
Image
blog article thumbnail

Core Impact Monthly Chronicle: Exploits and Updates | Jan 2024

One of Core Impact’s most valuable features is its certified exploit library. Fortra’s Core Security has a team of expert exploit writers that conduct research, evaluating and prioritizing the most relevant vulnerabilities in order to update the library with critical and useful exploits.  Additionally, the QA team creates its own clean environment to validate each exploit before its release to ensure our standards and validate that it is safe and ready to use.
Image
blog article thumbnail

Cybersecurity and the Law: Taking Proactive Steps Before Needing Legal Action

How the justice system deals with cybercrime is still relatively new and finding its footing. How cybercriminals are leveraging the legal system is relatively new, too. 
Image
certified-exploits

Core Impact Monthly Chronicle: Exploits and Updates | Dec 2023

One of Core Impact’s most valuable features is its certified exploit library. Fortra’s Core Security has a team of expert exploit writers that conduct research, evaluating and prioritizing the most relevant vulnerabilities in order to update the library with critical and useful exploits.
Image
blog article thumbnail

Core Impact Update: Version 21.5 Release

We are thrilled to announce the latest release of Core Impact! Version 21.5 is packed with exciting features and improvements that provide a smoother and even more efficient user experience. 
Image
blog article thumbnail

Debunking Popular Myths About Pen Testing

When it comes to a security staple like penetration testing, we all have preconceived notions that make this practice seem quite challenging. The need to rotate vendors, interruptions to normal business, or even testers causing security risks are some that you often hear thrown around. But are they true? The short answer is no.
Image
Core Security blog thumbnail

How to Recover After Failing a Cybersecurity Audit

While it’s important to adhere to compliance regulations, blunders do happen. What does it mean when these blunders lead to you failing a cybersecurity audit, and how can you recover? Consequences of Failing a Cybersecurity Audit Failing a cybersecurity audit can mean several things. First, there’s the up-front legal fines that come with falling on the wrong side of compliance. Here are a few illustrative examples. 
Image
Core Security blog thumbnail

5 Things You Didn’t Know About Core Impact

You may have heard that Core Security’s Core Impact is an enterprise-grade penetration testing solution that uses same tactics and techniques as real-world attacks.
Image
Core Security blog thumbnail

Best Security Practices for Digital Banking

Online banking is nearly universal in 2023. No more long lines at the credit union, late-night ATM trips, or waiting for a check to be cashed. Digital banking has revolutionized the financial industry and the way we do business as a whole. 
Image
Core Security blog thumbnail

Accelerating Security Maturity with Fortra Bundles

In The Importance of Layering Offensive Security Solutions, Fortra experts underscore the advantage of developing a single source offensive security tooling portfolio.
Image
blog article thumbnail

Cybersecurity Heats Up in the Summer

When school is out for summer, it seems like everyone is on vacation – everyone except your (un)friendly neighborhood cybercriminals. Something about the summer months puts us off our guard and threat actors on high alert. The only way to stay safe is to know what’s causing the trouble in the first place. We’ve packed our sunscreen – now read on to find out how to make sure your security also doesn’t get burned.
Image
blog article thumbnail

Standardizing Red Teaming for the Financial Sector with the TIBER EU Framework

Cyber attacks may not have been around when Ben Franklin said, “By failing to prepare, you are preparing to fail,” but it has become an appropriate cybersecurity principle, nonetheless. So what does preparation involve and how are organizations ensuring that is integrated into their security strategy?
Image
blog article thumbnail

Underestimating the Why of Ransomware

Organized ransomware isn’t slowing down – in fact, a group just discovered a month ago is already responsible for dozens of attacks – and they are experts at discovering weaknesses we miss.
Image
blog article thumbnail

Prioritizing Cybersecurity During Organizational Change

The times, they are a changin', as Bob Dylan would say. It's a time of a lot of global change, leading to dramatic shifts in different industries. Organizations have to be agile and change along with it, all while keeping cybersecurity top of mind.
Image
blog article thumbnail

Three Reasons Why Organizations Should Always Retest After an Initial Pen Test

What’s the point of establishing a baseline if you don’t intend to track your progress? When organizations only run an initial pen test, they are only getting half the picture. A pen test is used to give a business a baseline idea of how well their systems would stack up against hackers who wanted to exploit vulnerabilities. Once the results are delivered, it’s up to the team to implement those changes. And then –
Image
blog article thumbnail

Active Directory Attack Paths Discovery: Leverage the Power of BloodHound Within Core Impact

Some time ago, Core Impact added a module that supports the use BloodHound, a data analysis tool that uncovers hidden relationships within an Active Di