CISO, vCISO, Penetration Testing, HIPAA, Security Program, Risk Assessment

The One Reason to Pen Test Data Backup Systems - Ransomware Protection

Although data backup and recovery systems sit at the heart of a disaster recovery plan, organizations often disregard them when it comes to pen testing and maintaining security. Vulnerable backup systems make an attractive target for ransomware gangs, grief/breach gangs, and effective

PCI DSS, CISO, vCISO, Penetration Testing, HIPAA, Security Program, Risk Assessment, Red Teaming

The 0-day in the Room Nobody is Talking About: Scope

Scope is an important shaping tool that, when leveraged properly, can enhance engagement outcomes during penetration tests, red team engagements and other security operations. Like any tool, however, when used incorrectly it can have devastating

PCI DSS, SOC2, vCISO, Penetration Testing, HIPAA, CIS Controls, Security Program, Risk Assessment, Privacy, CCPA, ISO27001

Do you have APIs? How do you test them?

Application Programming Interfaces (APIs) have changed in nature in recent years and are increasingly (and sometimes inadvertently) being made available to users of web services, to the "apps" (applications) on mobile devices, and internally for the web

PCI DSS, vCISO, Penetration Testing, Security Program

What is “Internal Penetration testing” for PCI DSS requirement 11.3

Introduction

PCI DSS requires internal penetration testing, external penetration testing, and segmentation testing. But these terms are not crisply defined. In fact, "internal" is used elsewhere in the standard (for example, internal vulnerability scanning) where it

Penetration Testing, Security Program, Risk Assessment

The Marriott Hack: A Cautionary Tale for Corporate Acquisitions

The case of the Marriott hack is, at once, an alarming prospect for the chain’s previous guests and an invaluable case study for any organization involved in any kind of merger. At the very least, it serves as a cautionary tale for businesses that

Penetration Testing, CIS Controls, Security Program, Risk Assessment

Coronavirus Cybersecurity Recommendations

In these difficult times, as many of us adapt to the disruptive new normal of remote working, a robust information security program becomes more important than ever.

Penetration Testing

Social Engineering Within Pentesting

Pentesting the people: social engineering is an easy vulnerability. When it comes to penetration testing of an enterprise, you instantly think about all the cool tools and tactics used to enumerate the target and locate a possible vulnerability that

Penetration Testing

Just Walk in the Front Door

As an aspiring penetration tester, you do not always need to focus on extensive rootkits or backdoor Metasploit exploits in every testing engagement. Sometimes, the best way in is to just try the front door. If you can learn to

Penetration Testing

The Secret Behind VI edit permissions

The art of penetration testing is one that takes a lot of prior knowledge about a specific technology and system in order to really understand how it can be exploited. There are many loopholes that will allow potential malicious actors an

Penetration Testing

Hiding in plain sight: 3 Quick Checks for Low Hanging Fruit

Being able to quickly knock out the low-hanging-fruit vulnerabilities as a pen-tester is a matter of knowing they exist and having quick ways to check for them. Here are a few quick-hit, low-hanging vulnerabilities that could
