Netragard Blog

Page dated 2020-04-24T15:31:19-04:00

REVERSE(noitcejnI LQS dnilB) Bank Hacking

Earlier this year we were hired to perform an Overt Web Application Penetration Test for one of our banking customers (did you click that?). This customer is a recurring customer, so we know that they have Web Application Firewalls and Network Intrusion Prevention Systems in play. We also know that they are very security savvy and that they respond to attacks promptly and appropriately. Because this test was Overt in nature [...]

Inside The Brains Of A Professional Bank Hacking Team

Originally posted on Forbes.com - Read the original article here. We were recently hired to perform an interesting Advanced Stealth Penetration Test for a mid-sized bank. The goal of the penetration test was to penetrate the bank's IT infrastructure and see how far we could get without detection. This is a bit different from most penetration tests, as we weren't tasked with identifying risks so much as we were with [...]

Outbound Traffic Risk and Controls

Recently one of our customers asked me to provide them with information about the risks of unrestricted or lightly restricted outbound network traffic. As such, I decided to write this blog entry and share it with everyone. While some of the risks behind loose outbound network controls are obvious, others aren’t so obvious. I hope that this blog entry will help to shed some light on the not so obvious [...]

Exploit Acquisition Program – More Details

The recent news on Forbes about our Exploit Acquisition Program has generated a lot of interesting speculative controversy and curiosity. As a result, I've decided to take the time to follow up with this blog entry. Here I'll make a best effort to explain what the Exploit Acquisition Program is, why we decided to launch the program, and how the program works. What it is: The Exploit Acquisition Program ("EAP") officially [...]

Professional Script Kiddies vs Real Talent

The Good Guys in the security world are no different from the Bad Guys; most of them are nothing more than glorified Script Kiddies. The fact of the matter is that if you took all of the self-proclaimed hackers in the world and subjected them to a litmus test, very few would pass as actual hackers. This is true for both sides of the so-called Black and White hat [...]

Hosted Solutions A Hackers Haven

Human beings are lazy by nature. If there is a choice to be made between a complicated technology solution and an easy technology solution, then nine times out of ten people will choose the easy solution. The problem is that the easy solutions are often riddled with hidden risks, and those risks can end up costing the consumer more money in damages than what might be saved by using the easy solution. [...]

Social Engineering — It's Nothing New

With all the recent hype about Social Engineering, we figured that we'd chime in and tell people what's really going on. The fact is that Social Engineering is nothing more than a Confidence Trick being carried out by a Con Artist. The only difference between the term Social Engineering and Confidence Trick is that Social Engineering is predominantly used in relation to technology. So what is it really? Social Engineering [...]

Why DISSECTING THE HACK: The F0rb1dd3n Network Was Written. By: Jayson E. Street

Note: This blog entry was written by Jayson E. Street and published on his behalf. The consumer, the corporate executive, and the government official. Regardless of your perspective, DISSECTING THE HACK: The F0rb1dd3n Network was written to illustrate the issues of Information Security through story. We all tell stories. In fact, we do our best communicating through stories. This book illustrates how very real twenty-first century threats are woven into [...]

Verify Your Security Provider — The truth behind manual testing.

Something that I’ve been preaching for a while is that automated vulnerability scanners do not produce quality results and as such shouldn’t be relied on for penetration tests or vulnerability assessments. I’ve been telling people that they should look for a security company that offers manual testing, not just automated scans. The price points for quality work will be significantly higher, but in the end the value is much greater. [...]

SNOsoft – Blosoft – GLOsoft – Awesome!

Normally we wouldn't give an iota of attention to trolls, but there's always the exception to the rule. The past two advisories that we (Netragard/SNOsoft) released have been followed up by a troll publishing hilarious spoofs of those advisories. So far the spoofs they've released can be found here and are called "BloSoft" and "GloSoft". We're actually proud (and flattered) that these trolls think that we're important enough to spoof [...]

Aircell GoGo Inflight Internet – Hackers on a plane

GoGo Inflight Internet is a Wi-Fi service provided by AirCell and offered to an increasing number of airline passengers. This service enables users to connect to the Internet while in transit for business or pleasure. While the service is a great idea, its implementation is flawed and as such its users are put at risk. This blog entry is our effort to help educate GoGo Inflight Internet users about the [...]

Conficker (and friends) vs. Quality Penetration Testing

It's funny to me that people haven't commented on the fact that the ability of a worm to spread is proof positive of just how insecure today's networks are. (Yet, even with this lack of security, others are talking about this kick-ass idea of "Cloud Computing".) The fact is that if people managed their networks properly (which includes testing properly with quality security service providers), worms would not be [...]
