Our team researches and documents bleeding-edge security concepts and hacking techniques. This blog explores these topics and more to keep you informed.
Network security is a unique field of IT, and unlike many other IT fields, it seems almost hostile to anyone new and looking to learn about pentesting. I’ve heard several statements that boil down to “I want to learn how to be a pentester but I
Ah yes, credential stuffing! Almost as common as thanksgiving stuffing, yet as distasteful as black Friday shopping. Credential stuffing is especially effective when it’s coupled with user enumeration. The likelihood of user enumeration attacks
In this blog we discuss dangling DNS and how if left unresolved, an attacker can mar the reputation of a victim company. First let’s start by defining Domain Name System (DNS). A Domain Name System is an assortment of databases that
Bringing your own device (BYOD) is a common practice within many organizations and due to COVID-19, the adoption of BYOD has expanded. The belief that software or applications can protect data from bad actors or negligence does not always take
Many organizations leverage AWS as their cloud computing platform. Allowing access to and from their AWS resources is critical for workloads to operate uninterrupted. This means that an AWS VPC is often seen as a logical extension of the corporate
In the last blog, we discussed the components that are used in hardware hacking, the discovery phase and how to pull information off a device leveraging a UART port and the Das U-Boot boot loader. However, in some cases we aren’t able to
There are many devices out there that store information in different ways and unfortunately, not all of them take security into account. With the advent of the Internet of Things (IoT), device manufacturers are publishing devices faster than ever,
Application security practitioners often preach about the importance of shifting security left in the software development life-cycle (SDLC). The reason this catch-phrase so-easily resonates with leadership is simple: if it’s possible to identify
Not too long ago, while working at another company, I was subjected to a presentation by a paid speaker at our annual sales kickoff meeting. Since I was heavily focused on security consulting solutions for my client base, our leadership assumed
Latest posts
Our team researches and documents bleeding-edge security concepts and hacking techniques. This blog explores these topics and more to keep you informed.
Hacking 101: Getting Your Bearings
By Rob Waltman | August 19, 2021 | Blog
Network security is a unique field of IT, and unlike many other IT fields, it seems almost hostile to anyone new and looking to learn about pentesting. I’ve heard several statements that boil down to “I want to learn how to be a pentester but I
User Enumeration in a Production Environment – Credential Stuffing 101
By Ryan Fisher | July 19, 2021 | Blog
Ah yes, credential stuffing! Almost as common as thanksgiving stuffing, yet as distasteful as black Friday shopping. Credential stuffing is especially effective when it’s coupled with user enumeration. The likelihood of user enumeration attacks
Dangling DNS: Low Hanging Fruit with Severe Consequences
By Ryan Fisher | April 28, 2021 | Blog
In this blog we discuss dangling DNS and how if left unresolved, an attacker can mar the reputation of a victim company. First let’s start by defining Domain Name System (DNS). A Domain Name System is an assortment of databases that
Exploiting Bring Your Own Device (BYOD)
By Anthony Ralston | February 12, 2021 | Blog
Bringing your own device (BYOD) is a common practice within many organizations and due to COVID-19, the adoption of BYOD has expanded. The belief that software or applications can protect data from bad actors or negligence does not always take
Command and Control Through AWS S3 Buckets
By Anthony Ralston | January 13, 2021 | Blog
Many organizations leverage AWS as their cloud computing platform. Allowing access to and from their AWS resources is critical for workloads to operate uninterrupted. This means that an AWS VPC is often seen as a logical extension of the corporate
Introduction to Hardware Hacking: Part 2
By Anthony Ralston | December 2, 2020 | Blog
In the last blog, we discussed the components that are used in hardware hacking, the discovery phase and how to pull information off a device leveraging a UART port and the Das U-Boot boot loader. However, in some cases we aren’t able to
Introduction to Hardware Hacking: Part 1
By Anthony Ralston | November 13, 2020 | Blog
There are many devices out there that store information in different ways and unfortunately, not all of them take security into account. With the advent of the Internet of Things (IoT), device manufacturers are publishing devices faster than ever,
Shifting Security Left: A Practical Guide
By Cornel du Preez | November 5, 2020 | Blog
Application security practitioners often preach about the importance of shifting security left in the software development life-cycle (SDLC). The reason this catch-phrase so-easily resonates with leadership is simple: if it’s possible to identify
Is your penetration testing vendor just trying to sell you products and services?
By Brent Brackin | September 17, 2020 | Blog
Not too long ago, while working at another company, I was subjected to a presentation by a paid speaker at our annual sales kickoff meeting. Since I was heavily focused on security consulting solutions for my client base, our leadership assumed