social engineering

Getting Started with BeEF: The Browser Exploitation Framework

This post is the first in a series on Getting Started with information security tools. For more posts in this series, check out the Getting Started label on this post. BeEF, the Browser Exploitation Framework, is a testing tool designed to enable penetration testers to launch client-side attacks against target browsers. By using techniques similar …

The Watering Hole: Is it Safe to Drink?

How many times have you been told you have a vulnerability whose relevance you just don’t understand? Cross-site scripting comes to mind for many people. Sure, they get the fact that you can execute scripts in the user’s browser, but oftentimes they don’t fully understand the impact. Of course, we determine that …

Professionally Evil: Your Stealth Startup is Showing

During our penetration tests, we often get asked about the amount of information that is leaking out via social networks, web pages and the like. In fact, the first step in our methodology is Recon, where we search the Internet and social networks for information about the company we are targeting. It is sometimes surprising what we find when …

Where in the RSA is Kevin?

So RSA 2013 in San Francisco is coming up and I will be there for two different parts of the event. First, on the 24th and 25th of February, I will be presenting a two-day class, Security 571 from SANS. This course is a two-day course about mobile device and application security. As the …

Gone Phishing

Many organizations do not include phishing in their annual penetration tests, as they believe that most phishing emails will be stopped by their email filtering solutions. Any “phishy” emails that get through will likely be clicked on by their employees but stopped by anti-virus or web filtering controls. These controls are good, but they typically …
