Cyber Security Awareness and Vulnerabilities Blog

Since Congress instituted the Federal Information Security Management Act (FISMA) of 2002 to address information security challenges facing government agencies, the National Institute of Standards and Technology (NIST) has regularly recommended new guidance to help give agencies a clearer deployment path to a…

Read More

Here we are in the middle of March, and it is hard to believe we are almost a quarter of a way through 2011. What is even more impressive is the rate at which the Exploit Writing Team, the CORE IMPACT Pro development…

Read More

The following post is excerpted from an article that I co-authored with Anup Ghosh, founder and chief scientist at Invincea, to introduce a recent issue of IEEE Security & Privacy that focused on Cloud Computing Security. In the article, we present the economic…

Read More

Few would debate that cloud security was in the forefront of many conversations at RSA. The concern over securing the inevitable move to major cloud deployments was evident in the over-capacity Cloud Security Alliance meeting, conference presentations, vendor buzz-word bingo, and serious private…

Read More

A recently released module by the Exploit Writing Team here at Core generated a lot of emails to me from folks out there in Security Land asking for more information about the underlying vulnerability and how we were able to develop a Denial of Service module to trigger the vulnerability.

Read More

The Elephant in the Cloud In my experience, I’ve seen organizational leaders approach cloud computing from three different angles best summarized by the following questions: A.  How can I help my customers take advantage of cloud computing? B.  How can I deliver a better product/service…

Read More

I wouldn’t describe myself as a hoarder, but I am generally quite reluctant to throw things away. That old floppy disk on my shelf is a nostalgic reminder of how long it would take to install Windows NT 3.1 in my first proper…

Read More

Oftentimes after using Network Information Gathering, we are still left with a number of devices that may reflect an "Unknown" OS. Currently Core Impact does not identify devices such as the iPhone, iPad, or iPod Touch, but that doesn't mean that we can't…

Read More

When I first arrived here almost three years ago, the most exciting aspect of taking on leadership of Core was knowing that the company I was joining wasn’t just a clear leader in its established market, but that it also had the vision…

Read More

Every expert pen tester lives by their own set of rules, however, the best and the brightest adhere to some common best practices; in a recent piece in CSO, Core's own in-house guru Alberto Solino offered his tricks of the trade.

Read More