Our Blog

RSS

I spent the weekend with one of the coolest groups of security professionals I’ve ever had the privilege to meet at Derbycon. I highly recommend it. It’s always great to get into the middle of a massive exchange of ideas, because you always…

Read More

I think it’s only fitting as we come upon October and the month of scary things to talk about what healthcare providers have been dreading for some time now… the HIPAA audits are coming. According to the Department of Health and Human Services, the…

Read More

A few weeks ago, we talked about grabbing hashes and cracking them. What if I told you that in most networks these days, you don’t have to bother with cracking the passwords? That’s right! With most networks with Active Directory, you can use…

Read More

The Internet of Things. What started as a buzzword and visions of becoming George Jetson with our refrigerators quickly telling our phones that we are out of milk only to have our phones remind us while we drive by the grocery store. While…

Read More

Are you using penetration testing in your cyber-security tool kit? Why not?! Penetration testing, or pen-testing, is one of the most important tools to not only find the holes in your network but to prioritize them for remediation. Keep reading for the 10…

Read More

You can’t stop something you can’t see. In today’s world, threats are evolving constantly and prevention tools like anti-virus, firewalls, IDS/IPS and sandboxes are unable to stop infections that they haven’t seen before. Core Network Insight is different. It fills the gap between…

Read More

The more pen-tests I do, the more I see that despite how every organization claims that they’re different, I see the same commonalities with how things are being managed inside the network. One of those commonalities that I see tends to vastly improve…

Read More

We have reached a state of data overload. Not too long ago “big data” just seemed like a buzz word thrown around to scare people into needing more tools to digest and consume the data overload within the organization. Now, big data has…

Read More

By: Jonathan Sander A new breach at a major hotel chain hit the headlines recently claiming “Thousands of Guests' Data May Have Been Hacked at Starwood, Marriott, Hyatt Hotels.” But how new is this? The attack used malware to collect data from point…

Read More

Continuing with my Getting Physical blog posts series (CanSec2016’s presentation), in this third episode I’m going to talk about how Windows Paging is related to the HAL's heap and how it can be abused by kernel exploits. This is probably the simplest way of abusing Windows paging structures, because deep…

Read More