by Andrew Plato | Mar 27, 2018 | Application Security, Penetration Testing, Vulnerabilities
A Study in Exploit Development: Easychat SEH exploit A typical penetration test involves automated scanning to identify vulnerabilities, followed by a more manual testing process where the tester attempts to validate and exploit those vulnerabilities. Many times, we...
by Andrew Plato | Mar 5, 2018 | Compliance, Security Management
Is compliance slowing you down? Read about our compliance services or reach out directly with any questions about your journey to compliance. Do you ever feel like your job involves a lot of hammering on the same few key points over and over? Well, that’s the way it...
by Andrew Plato | Feb 23, 2018 | PCI
Is PCI compliance slowing you down? Read about our compliance services or reach out directly with any questions about your journey to compliance. Before we begin, there’s one thing to make very, very clear: You cannot outsource ALL compliance! I do not...
by Andrew Plato | Feb 6, 2018 | Opinion, Security Leadership
In 1919, a man founded a company to sell dubious investments in international postal trading. The company made no profit or tangible product. Despite this, the man sold millions of shares in his company. With each investor, he would funnel the money into dividends to...
by Andrew Plato | Jan 24, 2018 | Risk Management, Security Analytics, Vulnerabilities
It has been a few weeks since security researchers discovered that nearly every processor on earth is vulnerable to Meltdown and Spectre vulnerabilities. Panic is spreading. We agree that this is a serious set of vulnerabilities. But, no need to panic. We got this....
by Andrew Plato | Jan 9, 2018 | Opinion, Security Leadership
That was a fun year: mega breaches, everybody rebranding as artificial intelligence, Russian hackers, and Symantec only bought three companies. Oh and BLOCKCHAIN…. because, blockchain. If you thought 2017 was fun, wait for it. 2018 is going to be a hoot. Here...
by Andrew Plato | Nov 30, 2017 | Vulnerability Research
Every now and then, an regular penetration test project can take a decidedly irregular detour into the land of zero-day exploits. In October 2017, I discovered a zero-day vulnerability in Ulterius, a widely used, open-source remote access software. Come along. I have...
by Andrew Plato | Nov 15, 2017 | Compliance, GDPR
On May 25th, 2018, the European Union’s General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) officially goes into effect. No need to panic. We got this. GDPR has rapidly devolved into a touchstone for everything from vendor FUD to political frothing....
by Andrew Plato | Nov 10, 2017 | GDPR, Webinar
The European Union’s General Data Protection Regulation (GDPR) wakes up and starts eating people on May 25th, 2018. You cannot stop it. You cannot reason with it. You cannot send it north of the wall. And you absolutely cannot afford to ignore it. If...
by Andrew Plato | Oct 26, 2017 | Webinar
Anitian wrote the book on PCI Compliance for AWS (along with the team at AWS). How do you make AWS environments compliant with the PCI DSS? In collaboration with Amazon, Anitian wrote the definitive guide on how to not only make your AWS environment compliant but how...
