Technical Best Practices

View technical best practices for penetration testing and vulnerability management from Core Security.

Most cyber-attacks take place in only five moves. Learn how to counter bad actors with five moves of your own to detect, deter, and remediate risks in your organization.

Read More

 In the past, penetration testing was a fancy name for breaking through a network firewall. However, as technology advances and breaches become even more dangerous – costing an average of £2.53 million, according to research sponsored by IBM – security executives need to…

Read More

A week ago I pontificated at the world about the Pokémon Go! craze. It’s been an interesting study in human behavior, and not all of it good. First off, the concerns about the overreach on information have been alleviated by updates. As I…

Read More

You may think that July is a little early to publish a “best of” blog but we thought, why wait? Our Core Labs team is busy working on new vulnerabilities, patches, and exploits but we wanted to take a minute and review all…

Read More

Continuing with the previous Getting Physical blog posts series (CanSec2016's presentation), this time I'm going to talk about what paging implementation has been chosen by Windows and how it works. At the same time and according to Alex Ionescu's blog post, it's interesting to see that Microsoft has…

Read More

According to this year’s Verizon Data Breach Report, half of exploitations happen between 10 and 100 days with the median time being around 30 days. Of these exploitations, 85% of them are successful by using the top 10 most common vulnerabilities while the…

Read More

We can’t agree on a name, but we can agree it’s a big deal. What is this thing?Many are saying this vulnerability could be bigger than Heartbleed. From my perspective, Heartbleed was a bit more troubling due to the affected component and the massive…

Read More

I've been thinking about the problems that occur when a new vulnerability appears, and how vendors and users react in these situations. In cases where a vulnerability is found in a specific program, the vendor is responsible for finding a fix and distributing the patched…

Read More

Hi everyone, I would like to make some comments about the Microsoft MS14-006 update. In the last February Patch Tuesday, Microsoft released a fix for the TCP Windows driver (tcpip.sys). According to the patch bulletin "https://technet.microsoft.com/en-us/security/bulletin/ms14-006" only Windows 8 and Windows 2012 were…

Read More

According to the latest report from the Anti-Phishing Working Group, phishing campaigns are declining. Good news, right? Wrong! Research from RSA indicates that losses from phishing totaled $1.5 billion (PDF) in 2012, so this is clearly a big moneymaker for cyber-criminals. And while…

Read More