Netragard Blog

2020-04-24T15:31:19-04:00

How to protect against the Modern Ransomware Attack

In 2019, over half of businesses were the victims of ransomware attacks with an average cost of $761,106. In 2020, attacks grew even worse with an estimated total price tag of $20 billion. Successful ransomware attacks are growing increasingly common despite the dozens of solutions that claim to provide 100% protection against ransomware. So, what’s going wrong? Ransomware “Solutions” Aren’t Working Most companies are aware of the threat of [...]

AI Series Part 2: Social Media and the Rise of “Echo Chambers”

This is the second post in a series discussing AI and its impacts on modern life. In this article, we’ll explore how AI is used in social media and the ramifications of training AI while defining “success” based upon the “wrong” metrics. Social Media Is not Free Social media platforms that offer “free” services aren’t actually free. These companies need to make a profit and pay their staff, so [...]

AI Series Part 1: Introduction to the Modern Threats of AI

This is the first post in a series discussing AI and its impacts on modern life. Artificial Intelligence is useful, powerful, and dangerous when used irresponsibly. It’s being leveraged by a wide variety of industries including but not limited to social media, defense contractors and information security companies. Some of the dangers created by the use of AI are overt while others are very subtle. For example, the ongoing [...]

Embedded Device Security Research: AXON Body 2 – Body Worn Cameras

Introduction Netragard performs regular vulnerability research against software and hardware. While most of this research is customer confidential, some of the research is intended for disclosure. The focus of our research for this article was the AXON Body 2 Worn Camera which plays a critical role in protecting civilians and police officers. Due to the sensitive nature of the evidence collected by the AXON Body 2 it is particularly [...]

SolarWinds, SOX, and Corporate Responsibility for Cybersecurity

By now, most everyone has heard of the SolarWinds breach. Cybercriminals took advantage of SolarWinds’ poor cybersecurity practices to gain access to their network and implant malicious code within updates to their Orion network monitoring solution. This Orion solution is widely used, and its compromise led to the attackers gaining access to the networks of many large enterprises and a significant percentage of US government agencies. As a result, [...]

The Security Risks Behind Voting Machines & Mail-in Ballots

In recent months, the security of absentee voting, widely used due to the threat of the COVID-19 pandemic, has been called into question. But are these processes any less secure than the electronic voting systems used on a “normal” election day? Introduction to Electronic Voting System Security Electronic voting systems come in a number of different forms. At the polls, a voter may experience a few different types of voting [...]

Inside the 2020 Ping of Death Vulnerability

What is the 2020 Ping of Death? Ping of Death vulnerabilities are nothing new. These vulnerabilities arise from issues in memory allocation in the TCP/IP stack. If memory is improperly allocated and managed, a buffer overflow vulnerability can be created that leaves the application vulnerable to exploitation. The original Ping of Death was discovered in 1997 and was the result of an implementation error in how operating systems handled [...]

Inside Zerologon

What is the Zerologon Vulnerability? Zerologon is a vulnerability in the Windows netlogon protocol (on Windows Server version 2008 and later) discovered by Tom Tervoort of Secura during a security review of the protocol (which had not previously undergone such a review).  Due to cryptographic and implementation errors in the protocol, an attacker can falsely authenticate and elevate their privileges to Domain Admin.  This has a number of potential [...]

What You Need to Know About Penetration Testing Liability

Penetration tests are designed to identify potential gaps in an organization’s cybersecurity. With an effective penetration test comes a variety of different risks.  Before engaging a penetration test provider, it is essential to understand the risks of penetration tests, how to minimize them, and why a good penetration testing firm will not be able to accept liability for actions performed in good faith. A Good Penetration Test Carries the [...]

How To Scope a Penetration Test (The Right Way)

How to Define the Scope of Your Next Pentest Engagement One of the most important factors in the success of a penetration test is its scope.  Scope limitations are an understandable and even common desire.  However, they can make the results of a pentest worse than useless by providing a false sense of security.  Read on to learn why it is important to work with and trust your pentest [...]

How To Become A Hacker – CyberSecurity Careers

With Cybersecurity Career Talks Do you want to know "How To Become A Hacker"? Let us learn from world-renowned hackers, cybersecurity experts, and social engineering experts. Adriel Desautels, Jayson E. Street and Philippe Caturegli share the mindset, training, experience and education (if any) required for a cybersecurity career. Who is a hacker? A person who finds innovative ways of solving problems. Attributes required for breaking [...]

Protect Yourself – Chronicle’s 4-Part Video Series

This first clip focuses on confidence tricks (Social Engineering), which is something that we also do when we deliver Realistic Threat Penetration Tests to our customers. Our objective when using social engineering isn't to con our customers out of money but instead to trick them into doing things that give us access to their corporate network. This can include stealing passwords, deploying malware, or simply convincing someone to grant [...]
