Netragard Blog

Netragard Blog2020-04-24T15:31:19-04:00

What Thieves Know About Anti-Phishing Solutions & What This Means To You

Without taking proper precautions, your computer is a veritable smörgåsbord for hackers. Hackers have developed an array of techniques to infiltrate your system, extract your data, install self-serving software, and otherwise wreak havoc on your system. Every network in the world is vulnerable to hacking attempts; it's simply a matter of which systems the hackers deem worth the effort. Preventing hackers from successfully compromising your data requires an understanding of [...]

What they are not telling you about the CIA leaks.

The CIA leaks are making huge waves across the world. In a nutshell, the documents claim to reveal some of the hacking capabilities that the CIA has. Many privacy advocates believe that exposure of secrets like these is a net benefit for citizens because it provides transparency in government action. The media also likes leaks like these because it provides excellent story fodder. But there is one thing that no [...]

Hacking casinos with zeroday exploits

Most popular email programs like Microsoft Outlook, Apple Mail, Thunderbird, etc. have a convenient feature that enables them to remember the email addresses of people that have been emailed.  Without this feature people would need to recall email addresses from memory or copy and paste from an address book. This same feature enables hackers to secretly breach networks using a technique that we created back in 2006 and named Email [...]

EXPOSED: How These Scammers Tried To Use LinkedIn To Steal Our Client’s Passwords

Earlier this morning one of our more savvy customers received an email from [email protected] The email contained a “New Message Received” notification allegedly sourced from CEO Tom Morgan. Contained in the email was a link that read, “Click here to sign in and read your messages”. Fortunately we had already provided training to this particular customer that covered Social Engineering and Phishing threats. So, rather than click on the link [...]

How we tricked your HR lady into giving us access to every customers credit card number

We recently completed the delivery of a Realistic Threat PCI focused Penetration Test for a large retail company. As is always the case, we don’t share customer identifiable information, so specific details about this engagement have been altered to protect the innocent. For the sake of this article we’ll call the customer Acme Corporation. When we were first approached by the Acme Corporation we noticed that they seemed well versed [...]

Ukrainian hacker admits stealing business press releases for $30M, What they’re NOT telling you -Netragard

The sensationalized stories about the hacking of PR Newswire Association, LLC., Business Wire, and Marketwired, L.P. (the Newswires) are interesting but not entirely complete.  The articles that we've read so far paint the Newswires as victims of some high-talent criminal hacking group.  This might be true if the Newswires actually maintained a strong security posture, but they didn't.  Instead their security posture was insufficiently robust to protect the confidentiality, integrity [...]

Enemy of the state

A case study in Penetration Testing We haven’t been blogging as much as usual largely because we’ve been busy hacking things.   So, we figured that we’d make it up to our readers by posting an article about one of our recent engagements. This is a story about how we covertly breached a highly sensitive network during the delivery of a Platinum level Penetration Test. First, we should make clear that [...]

Exploit Acquisition Program Shut Down

We've decided to terminate our Exploit Acquisition Program (again).   Our motivation for termination revolves around ethics, politics, and our primary business focus.  The HackingTeam breach proved that we could not sufficiently vet the ethics and intentions of new buyers. HackingTeam unbeknownst to us until after their breach was clearly selling their technology to questionable parties, including but not limited to parties known for human rights violations.  While it is not a [...]

What real hackers know about the penetration testing industry that you don’t.

The information security industry has become politicized and almost entirely ineffective as is evidenced by the continually increasing number of compromises. The vast majority of security vendors don’t sell security; they sell political solutions designed to satisfy the political security needs of third parties. Those third parties often include regulatory bodies, financial partners, government agencies, etc.   People are more concerned with satisfying the political aspects of security than they are [...]

Penetration Testing Vendor Comparison. How To Select The Right Vendor.

Video Overview: Not all penetration testing services are equal. This video discusses what to watch out for when selecting a penetration testing vendor. Penetration Testing Vendor Comparison Video Below. https://www.youtube.com/watch?v=dRrxNWVYL7E Not all Penetration Testing companies are created equal. In this video we walk through the right way to conduct penetration testing versus the wrong way. Most testing firms are not performing genuine penetration tests, they are selling thinly disguised scans. This video [...]

The Truth About Breaching Retail Networks

How we breached a retail network using our manual penetration testing methodology We recently delivered an Advanced Persistent Threat  (APT) Penetration Test to one of our customers. People who know us know that when we say APT we’re not just using buzz words.  Our APT services maintain a 98% success rate at compromise while our unrestricted methodology maintains a 100% success at compromise to date.  (In fact we offer a [...]

What you don’t know about compliance…

People are always mystified by how hackers break into major networks like Target, Hannaford, Sony, (government networks included), etc.  They always seem to be under the impression that hackers have some elite level of skill.  The truth is that it doesn’t take any skill to break into most networks because they aren’t actually protected. Most network owners don’t care about security because they don’t perceive the threat as real.  They [...]

Load More Posts