Resources

Blog

Prioritizing Cybersecurity During Organizational Change

The times, they are a changin', as Bob Dylan would say. It's a time of a lot of global change, leading to dramatic shifts in different industries. Organizations have to be agile and change along with it, all while keeping cybersecurity top of mind. New changes mean new attack vectors. One thing that comes with new changes is new attack vectors. That's why organizations need to stay vigilant during...
Video

Prioritizing Blue Team Success Over Red Team Wins

Though red teaming is sometimes perceived as pen testing with the gloves off, in reality, the goal of these engagements isn’t to prove how much damage these skilled testers can do. Modern red teams must set out to provide learning opportunities for organizations and their blue teams, running attack simulations to help teach them how to better protect their infrastructure against real-world attacks...
Blog

Three Reasons Why Organizations Should Always Retest After an Initial Pen Test

What’s the point of establishing a baseline if you don’t intend to track your progress? When organizations only run an initial pen test, they are only getting half the picture. A pen test is used to give a business a baseline idea of how well their systems would stack up against hackers who wanted to exploit vulnerabilities. Once the results are delivered, it’s up to the team to implement those...
Blog

Active Directory Attack Paths Discovery: Leverage the Power of BloodHound Within Core Impact

Some time ago, Core Impact added a module that supports the use of BloodHound, a data analysis tool that uncovers hidden relationships within an Active Directory (AD) environment. This module enabled the collection of Active Directory information through the Agent using SharpHound. Additional modules have now been added to allow Core Impact users to further utilize BloodHound. In this blog, we’ll...
Blog

The Danger of Overconfidence in Cybersecurity

There’s something positive about a healthy degree of fear. It lets us understand our own limitations, heightens our senses, and keeps us alive. The tendency to err on the side of caution was called out in our recent 2023 Penetration Testing Report as a smart practice when it comes to cybersecurity. In fact, though security professionals reported less confidence in their security posture, this loss...
Blog

Upskilling and Reskilling Your IT Team With User Friendly Offensive Security Tools

As cybersecurity needs continue to rise, it’s no secret that organizations are having to do more with less. In any given company one can find modern-day use of the old adage, “Patch it up, wear it out, make it do or do without.” That make it do part is exactly what upskilling and reskilling is all about. As companies respond to growing threat appetites with fewer qualified personnel in the job...
Datasheet

Offensive Security Suite

Fortra’s Offensive Security Suite is comprised of three distinct enterprise-grade tools: Core Impact tests exploitation paths and lateral movement, Cobalt Strike enables advanced adversary tactics for Red Team operations, and OST provides a broad arsenal for evasive attack simulation. Additionally, this suite provides exclusive Cobalt Strike Research Labs access plus operator training. Ideal for...
Blog

The Advantages of Cybersecurity Vendor Consolidation

First there was the boom – now there’s the bust. Organizations that invested in myriad new solutions to handle the complexity of myriad security problems now have a different problem on their hands – how do you handle all of the vendors? Companies are finding there’s a different kind of noise when too many providers are in the mix, and they’re looking to cut back. They still need the effectiveness...
Guide

The White House's 2023 National Cybersecurity Strategy

In March of 2023, the White House released their National Cybersecurity Strategy to establish their dedication to helping create a more secure cyberspace. This robust document encapsulates this ambitious strategy in five core pillars: Defending critical infrastructure; Disrupting and dismantling threat actors; Shaping market forces that drive security and resilience; Investing in a resilient future...
Blog

Pen Testing Across the Environment: External, Internal, and Wireless Assessments

Do you know the difference between internal pen tests, external pen tests, and wireless pen tests? It matters. With the threat landscape expanding and criminals taking advantage of security gaps, organizations are turning to controls that can help them limit their exposure. Among other controls, penetration testing stands out because it simulates attackers' malicious activities and tactics to...
Blog

The Role of In-House Penetration Testing

Security adviser Roger Grimes once famously wrote, “To beat hackers, you have to think like them.” Grimes explained that security professionals should step into the attackers’ shoes and seek how to break into corporate systems, discover weaknesses, and create robust security countermeasures. Walking the walk of an attacker is what penetration testing is all about. What is In-House Pen Testing? ...
Guide

A Simple Guide to Successful Red Teaming

Red Team engagements simulate malicious activities of a long-term embedded threat actor and serve as a valuable learning experience for the target organization's security team. While it was once seen as a nice addition to a strong security posture, red teaming is now a crucial way to gain real-world experience against dangerous exploits. In this guide, get an overview of red teaming, including: ...
Video

The Practice of Pen Testing: 2023 Survey Results Revealed

With penetration testing becoming an increasingly universal part of security strategies and compliance requirements, knowledge sharing and analysis grows more critical when defining best practices. As part of our ongoing commitment to improving cyber resilience through proactive security assessments, Fortra's Core Security conducts an annual survey of cybersecurity professionals on the usage and...
Guide

2023 Pen Testing Report

Over the years, penetration testing has become an integral component of proactive approaches to security, evaluating and prioritizing risk before breaches occur. Through the exploitation of identified security vulnerabilities, penetration testing can effectively measure the feasibility of systems or end-user compromise and evaluate any related consequences such incidents may have on the involved...
Blog

An IBM i Hacking Tale

So why are we talking about hacking of an IBM i? I think that's certainly not a headline we see very often, as IBM i systems have been considered un-hackable for years. Anyone who has worked on IBM i has heard some of these statements: “Nobody Can Hack an IBM i.” “Never in my 40 years in the business has anyone hacked an IBM i!” “IBM i’s don’t have hacking problems like Windows...
Article

Understanding the CVE-2022-37969 Windows Common Log File System Driver Local Privilege Escalation

In this article we would like to share the analysis and work done on CVE-2022-37969 to build a functional PoC based on previously published information by Zscaler. Here we will complement the available information by adding details, guiding the reader to the in-depth understanding of the vulnerability, exploiting it, reversing the patch, and the creation of a functional PoC. Here is a summary of...
Blog

Vintage Vulnerabilities: New Attacks Can Exploit Old Weaknesses

Popular entertainment would have us believe that hackers are all sophisticated attackers ready to strike the latest vulnerabilities. That is sometimes true, but it’s become increasingly apparent that whether it’s the latest zero-day bug or something that was discovered the same year Apple released the iPad, hackers are equal-opportunity offenders. "Classic" Vulnerabilities Cybersecurity...
Blog

Hardware Call Stack

Lately, there has been an important increase in the relevance of valid call stacks, given that defenders have started to leverage them to detect malicious behavior. As several implementations of “Call Stack Spoofing” have come out, I decided to develop my own, called Hardware Call Stack. Call stack spoofing 101 To create credible call stacks, I decided to use the technique developed by William...