Cyber Security Awareness and Vulnerabilities Blog

Few would debate that cloud security was in the forefront of many conversations at RSA. The concern over securing the inevitable move to major cloud deployments was evident in the over-capacity Cloud Security Alliance meeting, conference presentations, vendor buzz-word bingo, and serious private…

Read More

A recently released module by the Exploit Writing Team here at Core generated a lot of emails to me from folks out there in Security Land asking for more information about the underlying vulnerability and how we were able to develop a Denial of Service module to trigger the vulnerability.

Read More

The Elephant in the Cloud In my experience, I’ve seen organizational leaders approach cloud computing from three different angles best summarized by the following questions: A.  How can I help my customers take advantage of cloud computing? B.  How can I deliver a better product/service…

Read More

I wouldn’t describe myself as a hoarder, but I am generally quite reluctant to throw things away. That old floppy disk on my shelf is a nostalgic reminder of how long it would take to install Windows NT 3.1 in my first proper…

Read More

Oftentimes after using Network Information Gathering, we are still left with a number of devices that may reflect an "Unknown" OS. Currently Core Impact does not identify devices such as the iPhone, iPad, or iPod Touch, but that doesn't mean that we can't…

Read More

When I first arrived here almost three years ago, the most exciting aspect of taking on leadership of Core was knowing that the company I was joining wasn’t just a clear leader in its established market, but that it also had the vision…

Read More

Every expert pen tester lives by their own set of rules, however, the best and the brightest adhere to some common best practices; in a recent piece in CSO, Core's own in-house guru Alberto Solino offered his tricks of the trade.

Read More

The continued advancement of the efinancial landscape only continues to heighten the opportunity for cybercrime, fraud and other forms of IT-driven risk.

Read More

In this blog post, Core technical guru and co-founder Alberto Solino outlines some of the powerful capabilities available to users of CORE IMPACT Pro when performing client side attacks that seek to delve deeper and pivot to other available vulnerabilities.

Read More

To automate or not to automate? This is a question that each pen tester must answer for themself. Allow Dan C. to help convince you which path to follow.

Read More