Security Assessments


25

Sep 2018

Eight Considerations for Remote Worker Cybersecurity

Working from your desk in the corporate office is probably the safest way of doing business since you have both physical and technological protections provided by your organization.  However, this may not always be feasible for either personal or business reasons.  By taking the appropriate remote worker cybersecurity precautions, you can work from home or on the go without jeopardizing your personal security or that...

Read More


02

Jul 2018

Two-Factor Authentication (2FA): Secure or Not?

Passwords are generally considered to be insecure.  With the sheer number of accounts that the average person has, remembering a password for each account requires weak passwords, password reuse, or the use of technology like a password manager.  Even if someone has good password hygiene, a data breach means that someone’s password could be exposed by circumstances completely outside their control. Two-factor authentication is a...

Read More


27

Jun 2018

How to Spot a Social Engineer

When thinking about cybersecurity and hackers, most people focus on the technological side of hacking where attackers take advantage of vulnerabilities in computer systems to gain unauthorized access.  However, this is only one avenue for hackers to get what they want. Instead of focusing on weaknesses in computer systems, social engineers take advantage of susceptibility in human behavior and people’s default reactions to certain situations....

Read More


21

Mar 2018

Active Directory Password Health Analysis – Part 2

By Ben Goodman In Active Directory Password Health Analysis – Part 1, Russel Van Tuyl provided a background on Active Directory (AD) and its limitations in determining an organization’s password health. Russel also gave a high-level overview on the ADPasswordHealth python script, and its benefits in password health analysis. In this post we’ll take a deeper dive into what the ADPasswordHealth script can do. Recap...

Read More


24

Oct 2017

Slack and Microsoft Teams Notifications for Empire and Meterpreter Agents

By Russel Van Tuyl A short time ago, I wrote a Python script that would send notification messages to Slack when a computer was compromised and an Empire or Meterpreter agents was dropped. I spent a little time updating the script and added support for Microsoft Teams notifications. This blog explains how I set up Slack and Microsoft Teams notifications for Empire and Meterpreter agents. In...

Read More


05

Oct 2017

Active Directory Password Health Analysis – Part 1

By Russel Van Tuyl Active Directory (AD) is an essential part of a Microsoft domain. A prominent function AD performs is to keep a record of all domain user accounts and their associated password stored as an encrypted one-way hash value. One of the many objectives during a penetration test is to gain access to the AD ntds.dit database file, which contains the user account...

Read More


06

Sep 2017

Social Engineering Q&A: How to Strengthen Your Network Security

As organizations respond to InfoSec threats by hardening their network security, hackers are exploiting softer targets, such as employees and management, to gain access. According to IBM research, in 2016 about 71 percent of reported cyberattacks in the healthcare industry and 57 percent of cyberattacks in the financial services industry depended on the actions of employees who had unintentionally compromised the network security of their...

Read More


25

Apr 2017

Shadow Brokers Release: Microsoft Exploits and Your Business

By Jason Graf It seems like something out of a spy novel: A covert band of cybercriminals releases details of extraordinary weaknesses in unsupported versions of Windows that could be used to wreak havoc on businesses and individuals worldwide. The Shadow Brokers release is real, and it has the potential to cause serious damage. On April 14, the Shadow Brokers, a hacker group originating in...

Read More



Page 1 of 3123