Vulnerability Management Makes it Harder to for Hackers to Exploit Your Systems

From a penetration tester’s perspective, there are a few things that quickly indicate an organization’s maturity (and the likelihood our team will be able to exploit their environment). If any of these exist, the chance we will be able to successfully breach their environment increases: Indicators a Hacker Can Breach Your Systems Aging Infrastructure One[…]

Diversion Tactics: Using Vulnerable Windows Servers to Fool Hackers

Windows Servers are practically irresistible to hackers everywhere. This makes the lone Windows Server a perfect candidate for a honeypot. In this post we explore how to use a Windows Server to divert a hacker’s attention from what matters than by giving them what they think is an easy win!

Penetration Test Engagement Types: A Comprehensive Guide to Defending Against Real-World Attackers by Simulating Real-World Attacks (Whitepaper)

  Cybersecurity is a business problem impacting the livelihoods of companies and their owners. As a  result, Management and Leadership must take steps to proactively identify and resolve security vulnerabilities to protect company value. A great place to begin (or continue) maturing your security environment is through penetration test activities. Penetration tests can be a[…]

Understanding Phishing and How to Stop the Scam

Phishing is when a malicious individual, using email, impersonates a sender that an internal user would have familiarity with, sometimes targeted towards highly specific personnel (Spear Phishing), to execute their intent. Attackers can do this by spoofing their email address to make it appear as though it is coming from a trusted source. Low level[…]

Security Due Diligence: An Analysis of Security in the Sales Cycle for Companies Serving the Banking Sector (Whitepaper)

Studies performed by the Ponemon Institute linked 56-59% of security breaches to third parties. At the same time, companies are increasingly leveraging specialty service providers to perform critical business functions. Combined, third-party risk is being elevated to the board level and banks are scrambling to manage their vendor-related risks. The net result for service providers[…]

Beyond Vulnerability Scans: Mitigating and Monitoring for Malware Leveraging C2 Systems

Many modern forms of malware are now file-less and rely on Command & Control (C2) infrastructure to assist outsiders with gaining unauthorized access to networks. This malware “phones home” to remote attackers, who then leverage the internal foothold to infiltrate networks and execute attacks. These attacks can be difficult to detect when security monitoring is[…]

Securing Enterprise Networks with Port-Based Network Access Control

One of the biggest threats facing enterprises are outsiders plugging directly into an Ethernet port and being granted instant, unauthenticated access to the network. This threat is especially common in hospitals where there is heavy use of computer systems mixed with untrusted outsiders roaming the halls. Shutting down unused ports is the traditional mitigation. Still[…]

Analyzing Your Attack Surface Like A Hacker

When most people think of hacking, they think of what Hollywood portrays. In a dark basement, a hooded, perhaps tattooed outcast rapidly types nonsensical keystrokes at a flashy computer monitor for several seconds before snidely muttering, “I’m in.” By that representation, the hacking process seems pretty straightforward: find a vulnerability, exploit it and ride off[…]

GDPR: Understanding the Impact of Automated Decision Making and Profiling (Whitepaper)

Profiling and automated decision-making are not prohibited under GDPR.  However, both of these activities are subject to detailed requirements on when they can legitimately be performed and what must be communicated to data subjects. Key Questions: 1| How are automated decision-making and profiling defined under GDPR? 2| How do the general rules of GDPR apply[…]