Three of the IT security industry's most respected leaders have signed-on to help guide our future plans. They've done so because they already share our vision for the future of enterprise security testing and measurement.
In Windows systems, path and filename normalization routines have some interesting quirks. In his upcoming ShmooCon presentation, Core's Dan Crowley will demonstrate how these quirks can be used to bypass filters and access control mechanisms, evade IDS detection, alter the way that files are handled and processed, and make brute force attacks to enumerate files easier.
The Operation Aurora Attacks on Google and other tech giants highlight further why penetration testing is the best solution available in terms of help organizations understand precisely where their greatest points of risk exist today.