Our Blog

White Papers, Research, Tools and more

General Data Protection Regulation (GDPR) Penetration Testing

Introduction: Meet GDPR. The General Data Protection Regulation (GDPR) is the new regulation in town, which goes into full effect next week, May 25th. GDPR 95/46/EC covers the protection and empowerment of data privacy for all EU citizens, and the way organizations approach and process such data. Any organization that handles or processes the data…

Drupal Targeted with RCE Exploits

Introduction: By now, you’ve most likely heard of the two recently disclosed Drupal vulnerabilities. If you or your organization is running Drupal 7.x or 8.x, we highly recommend you stop reading and update it now. Drupal 7.5.9 and 8.5.3 have patched the critical vulnerabilities mentioned in this article. Link: How to update Drupal Link: Drupal…

Identify Compromises Within Your Organization

Introduction: Information Profiling is one of the most important steps in any penetration test. Consultants should investigate all publicly available information about their client prior to starting testing. This includes investigating if the client’s domain or emails have been compromised. Several services exist to assist with this, such as Have I Been Pwned (HIBP). Most…

Defending Against Ransomware and Zero Day Exploits

The Information Security industry has recently experienced a surge of ransomware and zero-day releases. The latest ransomware to hit the news, “WannaCry”, has affected over 200,000 systems on a global scale. Combine this with the frequent releases of zero-day exploits and we now have a serious threat to both organizations and consumers alike….

Securing Internal Networks: Preventing LLMNR and NBNS Spoofing

Introduction: Internal network environments are vast, complex, and unique to each organization. Although unique, most internal network environments are vulnerable to the same high-impact issues as others. One of the biggest threats to internal network environments today is susceptibility to Link-Local Multicast Name Resolution (“LLMNR”) and NetBIOS Name Service (“NBNS”) Spoofing attacks….

Preventing Mass Credential Harvesting: CredCrack, Mimikatz, Pass-the-Hash

Introduction: This blog post covers best practices on how to secure a network to prevent mass credential harvesting attacks such as the techniques used in CredCrack. We have included best practices and divided them into two sections: Password and Account Security and Workstation Segmentation. Implement as many of the best practices listed below to ensure…
