John Strand // AV is Dead Long Live Whitelisting. We have been discovering more and more of our tests bypass AV controls with ease. We have yet to see any iteration or vendor in the blacklist space who is adequately preventing attacks using simple blacklist solutions. What needs to be done in this industry is a move towards a whitelisting […]
John Strand // There have been quite a few articles lately on how compliance standard X or Y is broken. Unfortunately, this often leads to blaming the nameless and faceless people behind the standards. It is easy to simply say they are dullards and not fit to be setting any agenda relating to computer security. While this may be […]
Joff Thyer // Many of us in the penetration testing community are used to scenarios whereby we land a targeted phishing campaign within a Windows enterprise environment and have that wonderful access into the world of Windows command line networking tools. You get your shell and before you know it, you are ready to […]
Joff Thyer // When performing a penetration of test of organizations with Windows desktops, many testers will now resort to using tools like Veil’s Powershell Empire in order to inject shellcode directly into memory. Without doubt, this is a fantastic technique as it avoids writing to disk and running headlong into a direct hit […]
Carrie Roberts // Continuing on the thread of highlighting Nessus vulnerability scan results that turned out to be more severe than reported . . . I always review the “Info” level “Service Detection” finding reported by Nessus, particularly any web servers that it lists because there are often blatant security issues hidden in there. This is as […]
Carrie Roberts // I learned some new stuff that will make me pay attention to “Asterisk Detection” Nessus informational findings in the future . . . On an external network scan, Nessus reported two hosts running Asterisk SIP services as an informational finding. When entering the IP address in a browser, only a blank page was […]
Mick Douglas // Current Status: – MS15-034 has remote Denial of Service (DoS) – Remote exploit code appears to be ready soon… maybe. Stay tuned. BLUE TEAM MARCHING ORDERS: – Patch. Now. Please. – Pay *very* careful attention to your IIS logs for systems that are attacking or attempting the DoS. You are being profiled. […]
Mick Douglas // Take look at this chart from last year’s Verizon Data Breach Report. It shows who notified the breached party when they were attacked. This graph is a sad indictment for all of us in the information protection industry. This chart means that only about 1 in 8 times there’s a breach it’s […]
