Security Assessments


24

Oct 2017

Slack and Microsoft Teams Notifications for Empire and Meterpreter Agents

By Russel Van Tuyl A short time ago, I wrote a Python script that would send notification messages to Slack when a computer was compromised and an Empire or Meterpreter agents was dropped. I spent a little time updating the script and added support for Microsoft Teams notifications. This blog explains how I set up Slack and Microsoft Teams notifications for Empire and Meterpreter agents. In...

Read More


05

Oct 2017

Active Directory Password Health Analysis – Part 1

By Russel Van Tuyl Active Directory (AD) is an essential part of a Microsoft domain. A prominent function AD performs is to keep a record of all domain user accounts and their associated password stored as an encrypted one-way hash value. One of the many objectives during a penetration test is to gain access to the AD ntds.dit database file, which contains the user account...

Read More


06

Sep 2017

Social Engineering Q&A: How to Strengthen Your Network Security

As organizations respond to InfoSec threats by hardening their network security, hackers are exploiting softer targets, such as employees and management, to gain access. According to IBM research, in 2016 about 71 percent of reported cyberattacks in the healthcare industry and 57 percent of cyberattacks in the financial services industry depended on the actions of employees who had unintentionally compromised the network security of their...

Read More


25

Apr 2017

Shadow Brokers Release: Microsoft Exploits and Your Business

By Jason Graf It seems like something out of a spy novel: A covert band of cybercriminals releases details of extraordinary weaknesses in unsupported versions of Windows that could be used to wreak havoc on businesses and individuals worldwide. The Shadow Brokers release is real, and it has the potential to cause serious damage. On April 14, the Shadow Brokers, a hacker group originating in...

Read More


05

Apr 2017

The ROI of Security Assessments

In the business world, Return on Investment (ROI) is used to evaluate an expense and is calculated by dividing the return (benefit) of an investment by the cost of the investment. This means a higher ROI represents a better investment. In a situation where the return and cost are tangible and easily measured, calculating ROI is not difficult. Unfortunately, calculating ROI for a security assessment...

Read More


17

Jan 2017

Building the Culture to Support a Social Engineering Awareness Program

Sword & Shield Enterprise Security Consultant Joe Gray pens the first of a five-part series for CISOcast, an online resource that publishes peer-reviewed content to help information security leaders meet the challenges of real world problems to help companies build a social engineering awareness program. Today, companies are investing more than ever before on protecting their IT infrastructure. As a response, hackers and, in turn, penetration...

Read More


04

Aug 2016

You are Your Company’s Worst CyberSecurity Threat

The biggest cybersecurity threat to your organization in 2016 isn’t Russian or Chinese hackers. It isn’t nefarious plots schemed by cyber spies, either. In fact, according to reports, the biggest threat to your company’s data loss is YOU. According to IBM’s CyberSecurity Intelligence Index, no less than 95 percent of all data security incidents are triggered by human error: employees who are getting tricked by...

Read More



Page 1 of 212