Security Assessments


12 Nov 2018

Hacking Humans: The Social Engineering Threat

When most people think of cyberattacks and the social engineering threat, they picture a scene from an action movie in which a teenage computer whiz spends thirty seconds furiously typing on a computer keyboard and gains complete access to the Pentagon’s databases. In the real world, this isn’t how hacking actually works. The good news is that hacking the Pentagon is a lot harder than...



26 Sep 2018

What Personal Information Can Anyone Learn About You on the Internet?

When you think of people collecting personal information about you, you probably think about the data leaked in corporate data breaches and information for sale on the Dark Web. But have you ever wondered what kind of information the average person could learn about you on the Internet? The Internet can make social engineering a pastime for some, or a dangerous cybercrime conduit for...



25 Sep 2018

Eight Considerations for Remote Worker Cybersecurity

Working from your desk in the corporate office is probably the safest way of doing business since you have both physical and technological protections provided by your organization.  However, this may not always be feasible for either personal or business reasons.  By taking the appropriate remote worker cybersecurity precautions, you can work from home or on the go without jeopardizing your personal security or that...



02 Jul 2018

Two-Factor Authentication (2FA): Secure or Not?

Passwords are generally considered to be insecure.  With the sheer number of accounts that the average person has, remembering a password for each account requires weak passwords, password reuse, or the use of technology like a password manager.  Even if someone has good password hygiene, a data breach means that someone’s password could be exposed by circumstances completely outside their control. Two-factor authentication is a...



27 Jun 2018

How to Spot a Social Engineer

When thinking about cybersecurity and hackers, most people focus on the technological side of hacking where attackers take advantage of vulnerabilities in computer systems to gain unauthorized access.  However, this is only one avenue for hackers to get what they want. Instead of focusing on weaknesses in computer systems, social engineers take advantage of susceptibility in human behavior and people’s default reactions to certain situations....



21 Mar 2018

Active Directory Password Health Analysis – Part 2

By Ben Goodman

In Active Directory Password Health Analysis – Part 1, Russel Van Tuyl provided a background on Active Directory (AD) and its limitations in determining an organization’s password health. Russel also gave a high-level overview of the ADPasswordHealth Python script, and its benefits in password health analysis. In this post we’ll take a deeper dive into what the ADPasswordHealth script can do. Recap...



24 Oct 2017

Slack and Microsoft Teams Notifications for Empire and Meterpreter Agents

By Russel Van Tuyl

A short time ago, I wrote a Python script that would send notification messages to Slack when a computer was compromised and an Empire or Meterpreter agent was dropped. I spent a little time updating the script and added support for Microsoft Teams notifications. This blog explains how I set up Slack and Microsoft Teams notifications for Empire and Meterpreter agents. In...



05 Oct 2017

Active Directory Password Health Analysis – Part 1

By Russel Van Tuyl

Active Directory (AD) is an essential part of a Microsoft domain. A prominent function AD performs is to keep a record of all domain user accounts and their associated password stored as an encrypted one-way hash value. One of the many objectives during a penetration test is to gain access to the AD ntds.dit database file, which contains the user account...



06 Sep 2017

Social Engineering Q&A: How to Strengthen Your Network Security

As organizations respond to InfoSec threats by hardening their network security, hackers are exploiting softer targets, such as employees and management, to gain access. According to IBM research, in 2016 about 71 percent of reported cyberattacks in the healthcare industry and 57 percent of cyberattacks in the financial services industry depended on the actions of employees who had unintentionally compromised the network security of their...



