Research

What You Need to Know About Penetration Testing Liability

By |2020-09-15T16:54:18-04:00September 14th, 2020|

Penetration tests are designed to identify potential gaps in an organization’s cybersecurity. With an effective penetration test comes a variety of different risks.  Before engaging a penetration test provider, it is essential to understand the risks of penetration tests, how to minimize them, and why [...]

Whistleblower Series – The real problem with China isn’t China, its you.

By |2020-03-31T10:27:14-04:00June 10th, 2013|

Terms like China, APT and Zero-Day are synonymous with Fear, Uncertainty and Doubt (FUD).  The trouble is that, in our opinion anyway, these terms and respective news articles detract from the actual problem.  For example, in 2011 only 0.12% of compromises were attributed to zero-day exploitation [...]

Comments Off on Whistleblower Series – The real problem with China isn’t China, its you.

83% of businesses have no established security plan (but they’ve got Kool-Aid)

By |2020-03-31T10:27:51-04:00October 18th, 2012|

I (Adriel) read an article published by Charles Cooper of c|net regarding small businesses and their apparent near total lack of awareness with regards to security.  The article claims that 77% of small- and medium-sized businesses think that they are secure yet 83% of those businesses have [...]

Comments Off on 83% of businesses have no established security plan (but they’ve got Kool-Aid)

Selling zero-day’s doesn’t increase your risk, here’s why.

By |2020-03-31T10:28:00-04:00August 13th, 2012|

The zero-day exploit market is secretive. People as a whole tend to fear what they don’t understand and substitute fact with speculation.  While very few facts about the zero-day exploit market are publicly available, there are many facts about zero-days that are available.  When those facts [...]

Comments Off on Selling zero-day’s doesn’t increase your risk, here’s why.

Netragard on Exploit Brokering

By |2020-03-31T10:28:08-04:00April 12th, 2012|

Historically ethical researchers would provide their findings free of charge to software vendors for little more than a mention.  In some cases vendors would react and threaten legal action citing violations of poorly written copyright laws that include but are not limited to the DMCA.  To [...]

Comments Off on Netragard on Exploit Brokering

Hacking the Sonexis ConferenceManager

By |2020-04-02T13:44:17-04:00February 13th, 2012|

Netragard's Penetration Testing services use a research based methodology called Real Time Dynamic Testing™. Research based methodologies are different in that they focus on identifying both new and known vulnerabilities whereas standard methodologies usually, if not always identify known vulnerabilities. Sometimes when performing research based penetration testing we [...]

Comments Off on Hacking the Sonexis ConferenceManager

Netragard’s Badge of Honor (Thank you McAfee)

By |2020-03-31T10:29:21-04:00November 15th, 2011|

Here at Netragard We Protect You From People Like Us™ and we mean it.  We don’t just run automated scans, massage the output, and draft you a report that makes you feel good.  That's what many companies do.  Instead, we "hack" you with a methodology that [...]

Comments Off on Netragard’s Badge of Honor (Thank you McAfee)

Quality Penetration Testing by Netragard

By |2020-03-31T10:30:04-04:00February 22nd, 2011|

The purpose of Penetration Testing is to identify the presence of points where an external entity can make its way into or through a protected entity. Penetration Testing is not unique to IT security and is used across a wide variety of different industries.  For example, [...]

Comments Off on Quality Penetration Testing by Netragard