Technical Best Practices

View technical best practices for penetration testing and vulnerability management from Core Security.

Did you happen to attend live or watch the recorded version of the SANS webcast "Because Jail Is Not Fun - Hacking Back Legally" and hear our friend John Strand mention the Impact MS Word Web Bug module (about 31 minutes in)? If…


The recent news around the leaking of 6+ million LinkedIn passwords (albeit in an 'encrypted' form) The follow-on phishing attacks were really just a matter of course. But it was a question posed by my colleague at work that really got me…


Last week as Patch Tuesday (which was today) approached, I wondered about the efforts of admins everywhere to understand, test and then apply those patches that are applicable for their environment. I wonder if it would be possible to measure the combined effort of…


Patch Tuesday is over and colleagues are busy sorting through various remedies from Microsoft to figure out what they are fixing. (For more on this process in action, go here.) As you may know, Patch Tuesday occurs during the second week of each month, with a summary of…


I am thinking about all the new ways mobile technology saved me from potential road rage in the mall parking lot this past weekend (especially Friday). To be precise, I much prefer the idea of strolling around various stores before Thanksgiving, find things…


There's been another worm making its way around networks over the past couple months; it's called Morto. There are a few different variants of this worm, but the way it works and how it infects a machine is the same for each variant,…


The following post is excerpted from an article that I co-authored with Anup Ghosh, founder and chief scientist at Invincea, to introduce a recent issue of IEEE Security & Privacy that focused on Cloud Computing Security. In the article, we present the economic…


The IT security and vulnerability research communities speak their own language, with varying degrees of efficacy in terms of getting their point across.


Core Security CTO Ivan Arce responds to claims by Absolute Software that the research published by our CoreLabs experts at the Black Hat USA 2009 conference was not accurate, and that they weren't given a sufficient chance to respond to the findings prior to the given presentation.


Don't miss out on CORE IMPACT Pro's modules when conducting tests; they're very effective, and also a heck of a lot of fun!
