How to Define the Scope of Your Next Pentest Engagement One of the most important factors in the success of a penetration test is its scope. Scope limitations are an understandable and even common desire. However, they can make the results of a pentest worse [...]
Without taking proper precautions, your computer is a veritable smörgåsbord for hackers. Hackers have developed an array of techniques to infiltrate your system, extract your data, install self-serving software, and otherwise wreak havoc on your system. Every network in the world is vulnerable to hacking attempts; [...]
Most popular email programs like Microsoft Outlook, Apple Mail, Thunderbird, etc. have a convenient feature that enables them to remember the email addresses of people that have been emailed. Without this feature people would need to recall email addresses from memory or copy and paste from [...]
We recently completed the delivery of a Realistic Threat PCI focused Penetration Test for a large retail company. As is always the case, we don’t share customer identifiable information, so specific details about this engagement have been altered to protect the innocent. For the sake of [...]
The sensationalized stories about the hacking of PR Newswire Association, LLC., Business Wire, and Marketwired, L.P. (the Newswires) are interesting but not entirely complete. The articles that we've read so far paint the Newswires as victims of some high-talent criminal hacking group. This might be true [...]
A case study in Penetration Testing We haven’t been blogging as much as usual largely because we’ve been busy hacking things. So, we figured that we’d make it up to our readers by posting an article about one of our recent engagements. This is a story [...]
How we breached a retail network using our manual penetration testing methodology We recently delivered an Advanced Persistent Threat (APT) Penetration Test to one of our customers. People who know us know that when we say APT we’re not just using buzz words. Our APT services [...]
People are always mystified by how hackers break into major networks like Target, Hannaford, Sony, (government networks included), etc. They always seem to be under the impression that hackers have some elite level of skill. The truth is that it doesn’t take any skill to break [...]
This video provides and overview of the two most common methodologies for pricing a penetration test. How Much Should You Spend On Penetration Testing Services The most common question asked is "how much will it cost for you to deliver a penetration test to us?". Rather [...]
Terms like China, APT and Zero-Day are synonymous with Fear, Uncertainty and Doubt (FUD). The trouble is that, in our opinion anyway, these terms and respective news articles detract from the actual problem. For example, in 2011 only 0.12% of compromises were attributed to zero-day exploitation [...]