Resources

Cloud Security
Blog

What does “Compliance” mean to a Healthcare CISO?

Fri, 05/08/2020
The role of the healthcare CISO has expanded exponentially since the HITECH Act of 2009. CISOs were traditionally charged with the responsibility to maintain the IT environment consisting of applications and infrastructure. Today they are taking on an expanded organizational role consisting of innovation, operational responsibility and compliance. Although, the governance for compliancy...
Compliance
Pen Testing Stories from the Field: Combining Tools to Take Over an Entire Domain
Blog

Pen Testing Stories from the Field: Combining Tools to Take Over an Entire Domain

Tue, 04/21/2020
There is no single set of instructions on how to run a penetration test, and no one manual on how to be a pen tester. The only real constant is that each job is a combination of preparation and improvisation to adapt and adjust to each environment’s quirks. So one of the best ways to learn and improve your own penetration testing techniques and strategies is from your peers, whether it be through...
Penetration Testing
Blog

How to Revamp Your Organization's Cybersecurity Program

Mon, 04/06/2020
When cyberattacks and data breaches make the news, it’s usually because they’re at large companies like Facebook or healthcare organizations. But every organization, large or small, needs to be concerned about cybersecurity; hackers have begun to understand that, while smaller companies may have less data on hand, they may have access to covetable third parties. And, they’re less likely to have...
Phishing
Compliance
Blog

Top 3 IT Strategies for Optimizing Productivity

Tue, 03/24/2020
Little fires everywhere – not just a best-selling novel and new streaming show starring Reese Witherspoon: it’s what most respondents said was the biggest impediment to productivity in their workday. Distractions in the form of meetings, urgent emails, and (worst case) system outages force even the most organized sysadmin to push tasks back and cause pileups in the future. Whether or not you’re...
Article

Reversing & Exploiting with Free Tools: Part 3

In part two of this series, we learned to solve the exercise stack1 using x64dbg, debugging tool that allows us to analyze a program by running it, tracing it, even allowing us to set breakpoints, etc. In those tools we’re not only running the program, we can also reach the function to analyze and execute it. But even when a tool like this is easy to use, there are many cases where it’s not...
Blog

What is the California Consumer Privacy Act?

Thu, 01/23/2020
The California Consumer Privacy Act (CCPA), the latest data privacy law in the Golden State, went into effect on January 1st, 2020. Some have compared it to the UK’s GDPR (General Data Protection Regulation), and they’re not far off – like the GDPR, the CCPA is intended to protect individuals’ private data by making data collection and usage more transparent between consumers and companies. What...
Blog

How to Choose: Penetration Tester vs. Red Team

Tue, 08/22/2017
Don’t be misled into thinking that because you have a Penetration Tester that you have a Red Team – or that because you have a Red Team you have a Penetration Tester. While some functions may overlap, you are getting two different things when enlisting the help of each.
Penetration Testing
Red Team
The Threat and Vulnerability Management Maturity Model
Blog

The Threat and Vulnerability Management Maturity Model

Thu, 02/21/2013
There are differences between each of the high-profile hacks you’ve seen in recent headlines, but there are also a few consistent characteristics of the modern breach. Inevitably, we discover known software vulnerabilities were left unpatched, networks were exposed and critical assets were open to attack.
Threat Detection
IT Security
Blog

The Exponential Nature of Password Cracking Costs

Mon, 02/11/2013
Flavio De Cristofaro used to run our Security Consulting Services (SCS) group and long time password cracking enthusiast was recently asked to present at AppSecLatam2012 on Lessons learned from Recent Password Leaks. The following is his analysis on the exponential nature of password cracking costs. The exponential nature of password cracking costs Let’s assume for a moment that you suffered a...
IGA