Malware

Hacking casinos with zeroday exploits

By |2020-04-07T12:22:22-04:00November 29th, 2016|

Most popular email programs like Microsoft Outlook, Apple Mail, Thunderbird, etc. have a convenient feature that enables them to remember the email addresses of people that have been emailed.  Without this feature people would need to recall email addresses from memory or copy and paste from [...]

Enemy of the state

By |2020-03-31T10:24:19-04:00January 25th, 2016|

A case study in Penetration Testing We haven’t been blogging as much as usual largely because we’ve been busy hacking things.   So, we figured that we’d make it up to our readers by posting an article about one of our recent engagements. This is a story [...]

The Truth About Breaching Retail Networks

By |2020-03-31T10:26:03-04:00September 11th, 2014|

How we breached a retail network using our manual penetration testing methodology We recently delivered an Advanced Persistent Threat  (APT) Penetration Test to one of our customers. People who know us know that when we say APT we’re not just using buzz words.  Our APT services [...]

Whistleblower Series – The real problem with China isn’t China, its you.

By |2020-03-31T10:27:14-04:00June 10th, 2013|

Terms like China, APT and Zero-Day are synonymous with Fear, Uncertainty and Doubt (FUD).  The trouble is that, in our opinion anyway, these terms and respective news articles detract from the actual problem.  For example, in 2011 only 0.12% of compromises were attributed to zero-day exploitation [...]

Comments Off on Whistleblower Series – The real problem with China isn’t China, its you.

The 3 ways we owned you in 2012

By |2020-03-31T10:27:38-04:00February 12th, 2013|

Here are the top 3 risks that we leveraged to penetrate into our customers' networks in 2012. Each of these has been used to affect an irrecoverable infrastructure compromise during multiple engagements across a range of different customers. We flag a compromise "irrecoverable" when we've successfully taken administrative control [...]

Comments Off on The 3 ways we owned you in 2012

Conficker C and friends – Defeating worms with architecture

By |2020-03-31T10:39:34-04:00March 31st, 2009|

The first line of technical defense against any computer intrusion is the architecture of the network infrastructure that the computer is connected to. The fact that worms like Conficker are so successful in their metastasis is "in your face" proof of just how insecure today's IT Infrastructures are. [...]

Comments Off on Conficker C and friends – Defeating worms with architecture

ROI of good security.

By |2020-03-31T10:44:57-04:00January 2nd, 2009|

The cost of good security is a fraction of the cost of damages that usually result from a single successful compromise. When you choose the inexpensive security vendor, you are getting what you pay for. If you are looking for a check in the box instead [...]

Comments Off on ROI of good security.

Brian Chess, CTO of Fortify Software – Creating Confusion

By |2020-03-31T10:45:38-04:00December 29th, 2008|

So this entry goes to support my previous post about Insecure Security Technologies and some of the confusion that these vendors can cause. Recently Networkworld published an article named "Penetration Testing: Dead in 2009" and cited Brian Chess, the CTO of Fortify Software as the expert source. The [...]

Comments Off on Brian Chess, CTO of Fortify Software – Creating Confusion