Your Passwords Were Stolen: What’s Your Plan?

If you have been glancing at many news stories this year, you have certainly seen the large number of data breaches that have occurred. Even just today, we are seeing reports that Drupal.org suffered from a breach (https://drupal.org/news/130529SecurityUpdate) that shows unauthorized access to hashed passwords, usernames, and email addresses. Note that this is not a …

SSL Certificates: Setting Up and Authorizing the Internal Certificate Authority

In this post, I wanted to give something directly to the Blue Teams out there.  I also thought I would call us out a bit for sending mixed messages to our users.  All too often we find internal websites using invalid SSL certificates when we are on an engagement.  Almost every user awareness document or …

Using a Throwing Star to Capture Packets

Mobile applications are a hot commodity these days.  It seems like everyone and their brother/sister is writing them.  Kevin Johnson even tells a story of a bait/mobile application shop here in Florida somewhere.  When I say bait, you guessed it, I really mean bait as in fishing bait.  Earthworms and such.  With everyone writing these …

Professionally Evil: This is NOT the Wireless Access Point You are Looking For

I was recently conducting a wireless penetration test and was somewhat disappointed (but happy for our client) to find that they had a pretty well-configured set of wireless networks. They were using WPA2 Enterprise and had no real weaknesses that I could find in their setup. After conducting quite a bit of analysis on network …

The Watering Hole: Is it Safe to Drink?

How many times have you been told you have a vulnerability whose relevancy you just don’t understand? Cross-site scripting comes to mind for many people. Sure, they get the fact that you can execute scripts in the user’s browser, but oftentimes they really don’t fully understand the impact. Of course, we determine that …

Professionally Evil: Your Stealth Startup is Showing

During our penetration tests we often get asked about the amount of information that is leaking out via social networks, web pages and the like.  In fact the first step in our methodology is Recon where we search the Internet and social networks for information about the company we are targeting.  It is sometimes surprising what we find when …
