Netragard Blog

2020-04-24T15:31:19-04:00

The Security Risks Behind Voting Machines & Mail-in Ballots

In recent months, the security of absentee voting, widely used due to the threat of the COVID-19 pandemic, has been called into question. But are these processes any less secure than the electronic voting systems used on a “normal” election day?

Introduction to Electronic Voting System Security

Electronic voting systems come in a number of different forms. At the polls, a voter may experience a few different types of voting [...]

Inside the 2020 Ping of Death Vulnerability

What is the 2020 Ping of Death? Ping of Death vulnerabilities are nothing new. These vulnerabilities arise from issues in memory allocation in the TCP/IP stack. If memory is improperly allocated and managed, a buffer overflow vulnerability can be created that leaves the application vulnerable to exploitation. The original Ping of Death was discovered in 1997 and was the result of an implementation error in how operating systems handled [...]

Inside Zerologon

What is the Zerologon Vulnerability? Zerologon is a vulnerability in the Windows Netlogon protocol (on Windows Server version 2008 and later) discovered by Tom Tervoort of Secura during a security review of the protocol (which had not previously undergone such a review). Due to cryptographic and implementation errors in the protocol, an attacker can falsely authenticate and elevate their privileges to Domain Admin. This has a number of potential [...]

What You Need to Know About Penetration Testing Liability

Penetration tests are designed to identify potential gaps in an organization’s cybersecurity. With an effective penetration test comes a variety of different risks. Before engaging a penetration test provider, it is essential to understand the risks of penetration tests, how to minimize them, and why a good penetration testing firm will not be able to accept liability for actions performed in good faith.

A Good Penetration Test Carries the [...]

How To Scope a Penetration Test (The Right Way)

How to Define the Scope of Your Next Pentest Engagement

One of the most important factors in the success of a penetration test is its scope. Scope limitations are an understandable and even common desire. However, they can make the results of a pentest worse than useless by providing a false sense of security. Read on to learn why it is important to work with and trust your pentest [...]

How To Become A Hacker – CyberSecurity Careers

With Cybersecurity Career Talks

Do you want to know "How To Become A Hacker"? Let us learn from world-renowned hackers, cybersecurity experts, and social engineering experts. Adriel Desautels, Jayson E. Street and Philippe Caturegli share the mindset, training, experience and education (if any) required for a cybersecurity career. Who is a hacker? A person who finds innovative ways of solving problems. Attributes required for breaking [...]

Protect Yourself – Chronicle’s 4-Part Video Series

This first clip focuses on confidence tricks (social engineering), which is something that we also do when we deliver Realistic Threat Penetration Tests to our customers. Our objective when using social engineering isn't to con our customers out of money but instead to trick them into doing things that give us access to their corporate network. This can include stealing passwords, deploying malware, or simply convincing someone to grant [...]

The dark side of bug bounties

Bug bounty companies (often called crowdsourced penetration tests) are all the hype. The primary argument for using their services is that they provide access to a large crowd of testers, which purportedly means that customers will always have a fresh set of eyes looking for bugs. They also argue that traditional penetration testing teams are finite and, as a result, tend to go stale in terms of creativity, depth, [...]

Protecting Your Business From Your Remote Workforce

A significant portion of your workforce is currently moving to perform full- or part-time remote work as a result of COVID-19. As you modify your business processes and workflows to accommodate this change, it’s important to understand how remote work affects your cybersecurity posture and what openings and opportunities exist for cybercriminals to take advantage of you. We would like to take this opportunity to provide advice on how to [...]

Industry standard penetration testing and the false sense of security.

Our clients often hire us as a part of their process for acquiring other businesses. We’ve played a quiet role in the background of some of the largest acquisitions to hit the news and some of the smallest that you’ve never heard of. In general, we’re tasked with determining how well secured the networks of the organization to be acquired are prior to the acquisition. This is important because [...]

The reality behind hospital and medical device security.

We recently presented at the DeviceTalks conference in Boston, MA about the vulnerabilities that affect hospitals and medical devices (insulin pumps, pacemakers, etc.). The goal of our presentation wasn’t to instill fear, but sometimes fear is a reasonable byproduct of the truth. The truth is that of all the networks that we test, hospital networks are by far the easiest to breach. Even more frightening is that the medical devices [...]

Gizmodo interview with Netragard – "Snake Oil Salesmen Plague the Security Industry, But Not Everyone Is Staying Quiet"

https://gizmodo.com/snake-oil-salesmen-plague-the-security-industry-but-no-1822590687

Adriel Desautels was suddenly in a serious mess, and it was entirely his fault. Sitting in his college dorm room back in the mid-1990s, Desautels let his curiosity run rampant. He had a hunch that his school’s network was woefully insecure, so he took it upon himself to test it and find out. “My thoughts at the time were, ‘Hey, it’s university. I’m here to learn. How much harm [...]
