Category: Blog Posts

libssh Authentication Bypass CVE-2018-10933

A vulnerability present in libssh versions 0.6 and later has taken the internet by storm. The vulnerability allows attackers to bypass authentication and gain remote code execution on the affected system. The libssh team has already released a patch to this vulnerability (link below). Upgrading to 0.7.6 or 0.8.4 eliminates the vulnerability. Link: libssh patch…

Read more

Bsides Miami Presentation

Powerpoint: Slides BSides Miami 2018 Slides We had a great time bonding with our South Florida community at the inaugural BSides Miami this year. Our presentation educated the audience on current industry trends, the creation of targeted social engineering scenarios, demos of tools and real world examples. Luckily for us, the demo gods were nice…

Read more

General Data Protection Regulation (GDPR) Penetration Testing

Introduction Meet GDPR. The General Data Protection Regulation (GDPR) is the new regulation in town which goes into full effect next week, May 25th. GDPR 95/46/EC covers the protection and empowerment of data privacy for all EU citizens, and the way organizations approach and process such data. Any organization that handles or processes the data…

Read more

Drupal Targeted with RCE Exploits

Introduction By now, you’ve most likely heard of the two recent Drupal vulnerabilities disclosed. If you or your organization is running Drupal 7.x or 8.x, we highly recommend you stop reading and update it now. Drupal 7.5.9 and 8.5.3 has patched the critical vulnerabilities mentioned in this article. Link: How to update Drupal Link: Drupal…

Read more

Securing Internal Networks: Preventing LLMNR and NBNS Spoofing

Introduction Internal network environments are vast, complex, and unique per organization. Although unique, most internal network environments face being vulnerable to the same high impact issues that others do. One of the biggest threats to internal network environments today is being susceptible to Link-Local Multicast Name Resolution (“LLMNR”) and NetBIOS Name Service (“NBNS”) Spoofing attacks….

Read more

Preventing Mass Credential Harvesting: CredCrack, Mimikatz, Pass-the-Hash

Introduction This blog post covers best practices on how to secure a network to prevent mass credential harvesting attacks such as the techniques used in CredCrack. We have included best practices and divided them into two sections: Password and Account Security and Workstation Segmentation. Implement as many of the best practices listed below to ensure…

Read more

Let's talk about your
security needs

Send us an email and we’ll get the process started to protect your company

contact us