Apr 17, 2018 | RSA Conference, RSAC 2018
While I wandered through RSA today, a song came to mind. You might recognize it, especially if you wore a lot of black clothes in the 1980s. It’s Panic. RSA 2018 is all about panic. Enjoy my new lyrics to this Smiths song. Panic on the streets of Frisco...
Apr 2, 2018 | Application Security, Penetration Testing, Vulnerabilities
Welcome to Part 2 of this 2-part blog series looking at the details of exploring and validating an exploit! If you liked this series, I bet you’d be interested in our webinar on How to Think Like A Hacker, check it out! Now on to Part 2: Taking it to the Next...
Mar 27, 2018 | Application Security, Penetration Testing, Vulnerabilities
A Study in Exploit Development: Easychat SEH exploit A typical penetration test involves automated scanning to identify vulnerabilities, followed by a more manual testing process where the tester attempts to validate and exploit those vulnerabilities. Many times, we...
Mar 5, 2018 | Compliance, Security Management
Is compliance slowing you down? Read about our compliance services or reach out directly with any questions about your journey to compliance. Do you ever feel like your job involves a lot of hammering on the same few key points over and over? Well, that’s the way it...
Feb 6, 2018 | Opinion, Security Leadership
In 1919, a man founded a company to sell dubious investments in international postal trading. The company made no profit or tangible product. Despite this, the man sold millions of shares in his company. With each investor, he would funnel the money into dividends to...
Jan 24, 2018 | Risk Management, Security Analytics, Vulnerabilities
It has been a few weeks since security researchers discovered that nearly every processor on earth is vulnerable to Meltdown and Spectre vulnerabilities. Panic is spreading. We agree that this is a serious set of vulnerabilities. But, no need to panic. We got this....
Jan 9, 2018 | Opinion, Security Leadership
That was a fun year: mega breaches, everybody rebranding as artificial intelligence, Russian hackers, and Symantec only bought three companies. Oh and BLOCKCHAIN…. because, blockchain. If you thought 2017 was fun, wait for it. 2018 is going to be a hoot. Here...
Nov 30, 2017 | Vulnerability Research
Every now and then, an regular penetration test project can take a decidedly irregular detour into the land of zero-day exploits. In October 2017, I discovered a zero-day vulnerability in Ulterius, a widely used, open-source remote access software. Come along. I have...
Nov 30, 2017 | Vulnerability Research
Every now and then, an regular penetration test project can take a decidedly irregular detour into the land of zero-day exploits. In October 2017, I discovered a zero-day vulnerability in Ulterius, a widely used, open-source remote access software. Come along. I have...
