information leaks

Facebook Removes Privacy Settings (or Why it’s hard to hide information on the Internet)

A few weeks ago Facebook announced the removal of a “Search” setting. That’s their marketing term for a privacy setting. The setting in question allowed a user to prevent his or her Facebook profile from being discovered via Facebook’s search function. Now before you go look for it, you should know that most of us …


Professionally Evil: Your Stealth Startup is Showing

During our penetration tests, we often get asked about the amount of information that is leaking out via social networks, web pages and the like. In fact, the first step in our methodology is Recon, where we search the Internet and social networks for information about the company we are targeting. It is sometimes surprising what we find when …


Decoding F5 Cookie

As a penetration tester, you come across many different things while performing a test. The one I will discuss in this post is the cookies returned by the F5 BIG-IP server. These cookies are used for load balancing and, if not properly protected, will reveal IP addresses and ports of internal …


Active Defenses?

Active defense, often mistakenly called hacking back, is a common topic thrown around the security space lately. And I think there are a number of reasons for this. Current security technologies are beginning to show significant strain. It seems almost daily there is a breach of another large company or government institution. Many of these companies …


Finding the Leaks

One of the common vulnerabilities we find when performing internal network penetration testing is sensitive data on open SMB file shares. Now, by “open” I am including both unauthenticated file shares and file shares that allow any authenticated user. It certainly makes sense for organizations to have file shares that are accessible to all employees …
