We recently completed the delivery of a Realistic Threat PCI focused Penetration Test for a large retail company. As is always the case, we don’t share customer identifiable information, so specific details about this engagement have been altered to protect the innocent. For the sake of [...]
Terms like China, APT and Zero-Day are synonymous with Fear, Uncertainty and Doubt (FUD). The trouble is that, in our opinion anyway, these terms and respective news articles detract from the actual problem. For example, in 2011 only 0.12% of compromises were attributed to zero-day exploitation [...]
I (Adriel) read an article published by Charles Cooper of c|net regarding small businesses and their apparent near total lack of awareness with regards to security. The article claims that 77% of small- and medium-sized businesses think that they are secure yet 83% of those businesses have [...]
The zero-day exploit market is secretive. People as a whole tend to fear what they don’t understand and substitute fact with speculation. While very few facts about the zero-day exploit market are publicly available, there are many facts about zero-days that are available. When those facts [...]
Historically ethical researchers would provide their findings free of charge to software vendors for little more than a mention. In some cases vendors would react and threaten legal action citing violations of poorly written copyright laws that include but are not limited to the DMCA. To [...]
Netragard's Penetration Testing services use a research based methodology called Real Time Dynamic Testing™. Research based methodologies are different in that they focus on identifying both new and known vulnerabilities whereas standard methodologies usually, if not always identify known vulnerabilities. Sometimes when performing research based penetration testing we [...]
Here at Netragard We Protect You From People Like Us™ and we mean it. We don’t just run automated scans, massage the output, and draft you a report that makes you feel good. That's what many companies do. Instead, we "hack" you with a methodology that [...]
We (Netragard) recently completed an engagement for a client with a rather restricted scope. The scope included a single IP address bound to a firewall that offered no services what so ever. It also excluded the use of social attack vectors based on social networks, telephone, [...]
The purpose of Penetration Testing is to identify the presence of points where an external entity can make its way into or through a protected entity. Penetration Testing is not unique to IT security and is used across a wide variety of different industries. For example, [...]
The Chevy Volt will be the first car of its type: not because it is a hybrid electric/petrol vehicle, but because GM plans to give each one the company sells its own IP address. The Volt will have no less than 100 microcontrollers running its systems from [...]