Penetration testing

Learn more about the benefits of penetration testing. If you need help with security assessments or penetration testing, contact Core Security,


How to prevent phishing attacks

The term “phishing” can be traced back to 1996, when it was used to reference a group of attackers that were imitating AOL employees using AOL messenger, asking people to verify their accounts or billing information. Many unsuspecting users fell prey to this…

Read More


What is zeppelin ransomware

Zeppelin is the latest member of the VegaLocker ransomware family, which also contains strains like Jamper, Storm, or Buran. Zeppelin is an example of well-organized threat actors, as those behind Zeppelin have been incredibly strategic in carefully targeting these ransomware attacks. First spotted…

Read More

A Core Impact module was released on January 14, 2020 to exploit an as-yet unpatched patch traversal flaw in Citrix Application Delivery Controller (ADC) and Gateway (formerly known as NetScaler ADC & NetScaler Gateway) identified as CVE-2019-19781. This critical vulnerability is a path traversal…

Read More


What is the CMMC

Later this month, the U.S. Department of Defense (DoD) will release version 1.0 of the Cybersecurity Maturity Model Certification (CMMC). The CMMC will be a mandatory third-party certification for any DoD contractors and subcontractors, intended to help protect the government’s sensitive, unclassified data…

Read More


challenges of pen testing

There is no arguing that a penetration test can be an invaluable exercise to evaluate the security of an IT infrastructure. Despite the necessity for these critical evaluations, many security teams struggle to maximize the effectiveness of pen tests in their organization. What…

Read More


Cyber Threats in 2019

What’s the best way to get a leg up on cybersecurity in 2020? Learning from the biggest problems of the past year can show emerging patterns and trends that can help shape your security strategy, ensuring that you know what to watch for…

Read More


Taking Command: A Three Step Approach to Surviving Today’s Cyber Domain

Over just a few decades, science fiction has become reality with the advent of cyberspace.  Organizations can instantly communicate across the globe, completing work faster than ever thanks to these innovations. And though cybersecurity quickly became one of the most rapidly growing fields,…

Read More

During hardware-oriented engagements, we are sometimes faced with a hardware device's firmware image. This may happen because we downloaded a firmware upgrade image to try to understand a device with a view of finding security flaws, or we may find an unknown device…

Read More

The latest and greatest in Linux-MTD is UBI and UBIfs. It is important to keep in mind that UBI is not the same as UBIfs. These two are actually two layers in a stack. UBI UBI (unsorted block images) is an abstraction layer that rides…

Read More

While many inaccurately use vulnerability scans or vulnerability assessments as terms that are synonymous with penetration tests, others explain the differences as though you have to choose between the two. Vulnerability assessments are tools that search for and report on what known vulnerabilities…

Read More