Realistic Threat

Hacking casinos with zeroday exploits

By |2020-04-07T12:22:22-04:00November 29th, 2016|

Most popular email programs like Microsoft Outlook, Apple Mail, Thunderbird, etc. have a convenient feature that enables them to remember the email addresses of people that have been emailed.  Without this feature people would need to recall email addresses from memory or copy and paste from [...]

Enemy of the state

By |2020-03-31T10:24:19-04:00January 25th, 2016|

A case study in Penetration Testing We haven’t been blogging as much as usual largely because we’ve been busy hacking things.   So, we figured that we’d make it up to our readers by posting an article about one of our recent engagements. This is a story [...]

The Truth About Breaching Retail Networks

By |2020-03-31T10:26:03-04:00September 11th, 2014|

How we breached a retail network using our manual penetration testing methodology We recently delivered an Advanced Persistent Threat  (APT) Penetration Test to one of our customers. People who know us know that when we say APT we’re not just using buzz words.  Our APT services [...]

What you don’t know about compliance…

By |2020-03-31T10:26:14-04:00August 1st, 2014|

People are always mystified by how hackers break into major networks like Target, Hannaford, Sony, (government networks included), etc.  They always seem to be under the impression that hackers have some elite level of skill.  The truth is that it doesn’t take any skill to break [...]

How to Price a Penetration Test

By |2020-04-24T15:12:59-04:00October 8th, 2013|

This video provides and overview of the two most common methodologies for pricing a penetration test. How Much Should You Spend On Penetration Testing Services The most common question asked is "how much will it cost for you to deliver a penetration test to us?". [...]

Comments Off on How to Price a Penetration Test

Whistleblower Series – The real problem with China isn’t China, its you.

By |2020-03-31T10:27:14-04:00June 10th, 2013|

Terms like China, APT and Zero-Day are synonymous with Fear, Uncertainty and Doubt (FUD).  The trouble is that, in our opinion anyway, these terms and respective news articles detract from the actual problem.  For example, in 2011 only 0.12% of compromises were attributed to zero-day exploitation [...]

Comments Off on Whistleblower Series – The real problem with China isn’t China, its you.

Whistleblower Series – Don’t be naive, take the time to read and understand the proposal.

By |2020-03-31T10:27:22-04:00May 16th, 2013|

In our last whistleblower article, we showed that the vast majority of Penetration Testing vendors don't actually sell Penetration Tests. We did this by deconstructing pricing methodologies and combining the results with common sense. We're about to do the same thing to the industry average Penetration [...]

Comments Off on Whistleblower Series – Don’t be naive, take the time to read and understand the proposal.