Cyber Security Awareness and Vulnerabilities Blog
Why It’s Not Core Impact vs. Cobalt Strike
Mar 15, 2022
Making a decision on a new cybersecurity tool is never easy—particularly when it’s unclear how rival products compare. It’s tempting to simply type “product vs. product” into Google and see if one stands out as the clear favorite. However, sometimes you can find that two products have been mistakenly grouped together and aren’t actually in competition, but rather, they are in separate categories.
Incorporating New Tools into Core Impact
Feb 21, 2022
Core Impact has further enhanced the pen testing process with the introduction of two new modules.
4 Ways to Use SIEM for SMB
Feb 8, 2022
Security Information and Event Management (SIEM) solutions are often seen as a necessity only for large enterprises with massive environments to monitor for security threats. While this may have been true over a decade ago, in the early days of SIEM, organizational IT infrastructures have since become increasingly multifaceted, and the threat landscape continues to evolve.
The New Normal in Cybersecurity: Exploring the Top Three 2022 Predictions
Jan 4, 2022
In The New Normal in Cybersecurity Part 1, we examined three leading trends in the cybersecurity community over the past year. In this installment, we will take a look into the future and make predictions about where the cybersecurity landscape is potentially headed in 2022 and beyond.
The New Normal in Cybersecurity: Examining the Top Three 2021 Trends
Jan 4, 2022
The past year has shown organizations that uncertainty and a transformed reality are the new normal in business. While remote work was intended as a temporary response to the global pandemic, it is now considered a regular part of the business environment—fundamentally altering the way companies operate. This means organizations have had to respond in real-time to shift their cybersecurity strategies and keep up with an expanding IT infrastructure, the explosion of IoT devices, and a new wave of threats from more sophisticated attackers.
What is the MITRE ATT&CK® Framework?
Dec 6, 2021
The MITRE ATT&CK Framework was created in 2013 as a comprehensive document of the tactics, techniques, and procedures that cyber attackers were regularly using to breach the defenses of individuals and organizations. Since then, it has grown to be a global knowledge base that has helped to standardize defensive security and remains accessible to all security professionals.
Reflections on Ekoparty 2021
Nov 30, 2021
Ekoparty began as an underground hacking event, but has grown into one of the foremost cybersecurity conferences in Latin America. This year was the 20th anniversary of the incredible infosec event, which takes place every year in Buenos Aires. In order to discover insights from this year’s conference, we talked with two experts from Core Security who attended, and also served as trainers at the Hackademy portion of the event.
Core Impact 21.2: Incorporating the MITRE ATT&CK™ Framework and Attack Map Enhancements
Nov 29, 2021
The latest release of Core Impact has arrived! Version 21.2 underscores our alignment with the cybersecurity community, incorporating the MITRE ATT&CK™ framework to provide further insights into security weaknesses. We’ve also added additional features to Core Impact’s attack map, making the penetration testing process even more intuitive.
Five Critical Access Risks You Should Find Before an Audit Does
Nov 18, 2021
Like a lot of organizations today, your company is facing increasing demands to support and protect countless systems, applications, and platforms that contain sensitive business data by controlling access to this critical information. On top of this, you are pressured to meet ongoing regulatory compliance and industry mandates.
We’re In: Tired Hacking Tropes in TV Shows and Movies
Nov 3, 2021
It’s a well-known fact that TV shows and movies pride themselves on their complete and total accuracy when it comes to portraying historical events, illnesses, or jobs. That’s how we know that everyone in olden times spoke in British accents no matter what country they were in, people with tuberculosis casually cough up blood while otherwise carrying on as normal, and all doctors wander about in form-fitting scrubs with only one patient to treat—right?
IAM in an M&A World: Finding the Right Balance Between Security and Efficiency
Oct 21, 2021
Make no mistake, the pace of mergers and acquisitions (M&A) has reached a fever pitch in the last year. Throughout 2021, M&A activity has continued to trend sharply upwards—with the rate of announcements projected to be the biggest ever in recorded history.
Getting Inside the Mind of an Attacker: After the Breach – Final Words of Advice
Oct 4, 2021
Having your Active Directory breached is bad enough, but an attacker who gains persistence is even more dangerous. The longer they are able to hide in your Active Directory forest, the better chance they have of gaining access to your organization’s crown jewels. Undetected, they can comfortably wait for the most opportune time to take control, stealing your organization’s most sensitive data and doing with it what they please.
Top 14 Vulnerability Scanners for Cybersecurity Professionals
Sep 27, 2021
Vulnerability scanners are valuable tools that search for and report on what known vulnerabilities are present in an organization’s IT infrastructure. Using a vulnerability scanner is a simple, but critical security practice that every organization can benefit from. These scans can give an organization an idea of what security threats they may be facing by giving insights into potential security weaknesses present in their environment.
Three Tools for Maturing Your Vulnerability Management Program
Sep 27, 2021
Cybersecurity has become an increasingly popular topic in day-to-day conversation, and the conclusion is always the same: organizations need to make cybersecurity a priority and work to create the best security strategy possible. However, there’s a big difference between understanding what you need versus knowing how to get it.
What Does Least Privilege Access Actually Mean?
Sep 9, 2021
If you’re like most IT or security professionals, it seems harder than ever to manage the complexity of user access. Keeping track of access rights, roles, accounts, permissions, entitlements, credentials, and privileges is a never-ending—and sometimes thankless—proposition.
Core Impact Adds Integrations for Frontline VM and beSECURE
Sep 8, 2021
Core Security’s comprehensive penetration testing tool, Core Impact, can now import data from two additional vulnerability scanners: Frontline VM and beSECURE.
Getting Inside the Mind of an Attacker: After the Breach – Miscellaneous Techniques for Achieving Persistence
Aug 31, 2021
In the first two parts of this series, we covered how attackers may attempt to gain persistence in Active Directory by forging Kerberos tickets or through domain replication abuse, and also discussed strategies to detect these methods.
Getting Inside the Mind of an Attacker: After the Breach - Achieving Persistence with Domain Replication Abuse
Aug 16, 2021
In part one of this series, we discussed how attackers may attempt to gain persistence in Active Directory by forging Kerberos tickets, as well as ways to detect these efforts. In this part, we’ll discuss another method attackers may use: domain replication abuse.
What Types of Attacks Does SIEM Detect?
Aug 16, 2021
Security Information and Event Management (SIEM) solutions are known for their ability to provide visibility into IT environments by monitoring data sources for unusual activity and contextualizing them for security insights.
How to Strengthen Identity and Access Management with the Rise of a Hybrid Workforce
Aug 2, 2021
As organizations have made the transformational shift to a remote and hybrid workforce, IT and security teams are feeling increased pressure to better manage access to sensitive data and systems. The rise of a remote and expanded workforce has put additional strain on organizations and increased the potential for identity-related access risks.
Why Do Ransomware Attacks Keep Happening?
Jul 21, 2021
Did you know the first instance of ransomware was in 1989? Though we’ve moved on from floppy disks containing malware and cashier’s checks used to pay attackers, we are far from moving past ransomware. Instead, ransomware has become more streamlined, and is one of the most popular tools of both amateur and expert threat actors. Just about anyone can purchase a ransomware strain off the dark web or can have the work done for them with ransomware-as-a-service (RAAS).
14 Exploits Cybersecurity Professionals Are Concerned About
Jul 21, 2021
Vulnerabilities can be found in just about any type of software—and even some pieces of hardware. Threat actors are all too eager to take advantage of these vulnerabilities, leveraging them to gain access to or escalate privileges in an organization’s IT infrastructure. When these vulnerabilities are discovered before the vendor is aware, these are known as zero-day threats.
Core Impact Issues Latest Exploit for PrintNightmare Flaw
Jul 19, 2021
The PrintNightmare flaw is aptly named—the serious remote code execution vulnerability in the Microsoft Windows Print Spooler service, CVE-2021-34527, can give an attacker the keys to the kingdom. The Print Spooler service does not restrict access to the RpcAddPrinterDriverEx function, allowing a remote authenticated account with low privileges to gain access from a single shared computer.
Network Monitoring and Identity Governance: How They Work Together to Enhance Your Security Posture
Jul 15, 2021
It’s no secret that keeping track of who has access to what in your organization has grown more complicated during the last year. Companies today are especially vulnerable because they often lack full visibility into the actual access levels employees possess and may not have the full picture of devices across their network infrastructure. Managing devices and user access is made even more challenging with millions of employees still working from home, leveraging devices, systems, applications, and collaboration tools that make remote work possible.
Getting Inside the Mind of an Attacker: After the Breach - Achieving Persistence with Golden and Silver Tickets
Jul 8, 2021
In the first Inside the Mind of an Attacker series, we walked through scenarios of potential attacks on Active Directory, as well as techniques on how to identify and avoid breaches. In this series, we’ll transition to what happens after a successful compromise of Active Directory, in which an attacker attempts to gain persistence after the initial breach.