How these dirty scammers tried to use LinkedIn to steal our customer’s passwords

Earlier this morning one of our more savvy customers received an email from noreply@linkedin.com. The email contained a “New Message Received” notification allegedly sourced from CEO Tom Morgan. Contained in the email was a link that read, “Click here to sign in and read your messages”. Fortunately we had already provided training to this particular…

Enemy of the state

A case study in Penetration Testing We haven’t been blogging as much as usual largely because we’ve been busy hacking things.   So, we figured that we’d make it up to our readers by posting an article about one of our recent engagements. This is a story about how we covertly breached a highly sensitive network…

What real hackers know about the penetration testing industry that you don’t.

  The information security industry has become politicized and almost entirely ineffective as is evidenced by the continually increasing number of compromises. The vast majority of security vendors don’t sell security; they sell political solutions designed to satisfy the political security needs of third parties. Those third parties often include regulatory bodies, financial partners, government…

Penetration Testing Vendor Comparison. How To Select The Right Vendor.

Video Overview: Not all penetration testing services are equal. This video discusses what to watch out for when selecting a penetration testing vendor. Penetration Testing Vendor Comparison Video Below. https://www.youtube.com/watch?v=dRrxNWVYL7E Not all Penetration Testing companies are created equal. In this video we walk through the right way to conduct penetration testing versus the wrong way. Most testing…

Cambium Group, LLC. CAMAS Advisory

We’ve finally released the Cambium Group, LLC Content Management System (“CAMAS”) advisory after much waiting and debate. These security risks were discovered in CAMAS during a customer penetration test that we did in August of 2007 (we notified the Cambium Group about these risks on 08/24/2007). The security vulnerabilities that are disclosed in the advisory…