Ah yes, credential stuffing! Almost as common as thanksgiving stuffing, yet as distasteful as black Friday shopping. Credential stuffing is especially effective when it’s coupled with user enumeration. The likelihood of user enumeration attacks occurring ...
In this blog we discuss dangling DNS and how if left unresolved, an attacker can mar the reputation of a victim company. First let's start by defining Domain Name System (DNS). A Domain Name System ...
Bringing your own device (BYOD) is a common practice within many organizations and due to COVID-19, the adoption of BYOD has expanded. The belief that software or applications can protect data from bad actors or ...
Many organizations leverage AWS as their cloud computing platform. Allowing access to and from their AWS resources is critical for workloads to operate uninterrupted. This means that an AWS VPC is often seen as a ...
In the last blog, we discussed the components that are used in hardware hacking, the discovery phase and how to pull information off a device leveraging a UART port and the Das U-Boot boot loader. ...
There are many devices out there that store information in different ways and unfortunately, not all of them take security into account. With the advent of the Internet of Things (IoT), device manufacturers are publishing ...
Application security practitioners often preach about the importance of shifting security left in the software development life-cycle (SDLC). The reason this catch-phrase so-easily resonates with leadership is simple: if it’s possible to identify and remediate ...
Not too long ago, while working at another company, I was subjected to a presentation by a paid speaker at our annual sales kickoff meeting. Since I was heavily focused on security consulting solutions for ...
SuiteCRM is a popular open-source Client Relations Manager (CRM). I took some time to review the code and basic implementation of the application within a vanilla Ubuntu Debian build. I found good security practices within ...
