Security Assessments


Security Assessments Services

Learn security assessments news, trends, and best practices regarding penetration testing, web application security, mobile application security, network vulnerability, purple teams and more.


03

Dec 2018

Four Ways to Protect Against Insider Threats

Most cybersecurity defenses and strategies are focused on external threats in an effort to make access costlier for a hacker than the value of what they can obtain. However, developing ways to protect against insider threats is an essential part of an organization’s cybersecurity posture. The Internal Threat Landscape Most organizations are focused on the prospect of external threats. Basic security is perimeter-focused, meaning that the primary...

Read More


21

Mar 2018

Active Directory Password Health Analysis – Part 2

By Ben Goodman In Active Directory Password Health Analysis – Part 1, Russel Van Tuyl provided a background on Active Directory (AD) and its limitations in determining an organization’s password health. Russel also gave a high-level overview on the ADPasswordHealth python script, and its benefits in password health analysis. In this post we’ll take a deeper dive into what the ADPasswordHealth script can do. ADPasswordHealth...

Read More


24

Oct 2017

Slack and Microsoft Teams Notifications for Empire and Meterpreter Agents

A short time ago, I wrote a Python script that would send notification messages to Slack when a computer was compromised and an Empire or Meterpreter agents was dropped. I spent a little time updating the script and added support for Microsoft Teams notifications. This blog explains how I set up Slack and Microsoft Teams notifications for Empire and Meterpreter agents. In order to receive...

Read More


05

Oct 2017

Active Directory Password Health Analysis – Part 1

Active Directory (AD) is an essential part of a Microsoft domain. A prominent function AD performs is to keep a record of all domain user accounts and their associated password stored as an encrypted one-way hash value. One of the many objectives during a penetration test is to gain access to the AD ntds.dit database file, which contains the user account information and password hashes....

Read More


12

Sep 2017

Distributed Password Hash Cracking with the Tower of Power

By Tim Welles Sword & Shield was recently looking for a way to up its hash cracking game to help its penetration testers to get an edge on cracking passwords. This is one way the security analysts advise clients on building more secure systems. What is better than a singular hash cracking box? Multiple hash cracking boxes! So I set out to build a distributed...

Read More


25

Apr 2017

Shadow Brokers Release: Microsoft Exploits and Your Business

By Jason Graf It seems like something out of a spy novel: A covert band of cybercriminals releases details of extraordinary weaknesses in unsupported versions of Windows that could be used to wreak havoc on businesses and individuals worldwide. The Shadow Brokers release is real, and it has the potential to cause serious damage. On April 14, the Shadow Brokers, a hacker group originating in...

Read More


05

Apr 2017

The ROI of Security Assessments

In the business world, Return on Investment (ROI) is used to evaluate an expense and is calculated by dividing the return (benefit) of an investment by the cost of the investment. This means a higher ROI represents a better investment. In a situation where the return and cost are tangible and easily measured, calculating ROI is not difficult. Unfortunately, calculating ROI for a security assessment...

Read More


01

Feb 2016

You Need a Security Assessment to be HIPAA Compliant

But, Does That Make You Secure? Security assessments aren’t just a cost of doing business for those in the healthcare profession – they are a requirement to meet HIPAA compliance. The Department of Health and Human Services requires all organizations handling Protected Health Information (PHI) to have a risk assessment as the first step toward implementing the safeguards specified in the HIPAA Security Rule. This ultimately leads...

Read More


15

Jan 2016

A Strategic Security Assessment Helps Reveal Your Security Posture

As a result of the many large and damaging data breaches that have graced the headlines of the news over the past few years, many business owners have just now come to the realization that they don’t have a good understanding of how all the security pieces of their company puzzle fit together. Getting Started with Cybersecurity Knowing how to effectively protect your clients’ personal...

Read More



Page 1 of 212