Security Assessments

Security Assessments Services

Penetration Testing, Web Application Assessment, Social Engineering, Data Breach Threat Analysis, Purple Team Assessment Service, Mobile Application Security Assessment, Network Vulnerability Assessment Service, Virtual Attack Team

Learn security assessments news, trends, and best practices regarding penetration testing, web application security, mobile application security, network vulnerability, purple teams and more.


Dec 2018

Four Ways to Protect Against Insider Threats

Most cybersecurity defenses and strategies are focused on external threats in an effort to make access costlier for a hacker than the value of what they can obtain. However, developing ways to protect against insider threats is an essential part of an organization’s cybersecurity posture. The Internal Threat Landscape Most organizations are focused on the prospect of external threats. Basic security is perimeter-focused, meaning that the primary...

Read More


Nov 2018

Hacking Humans: The Social Engineering Threat

When most people think of cyberattacks and the social engineering threat, they picture a scene from an action movie in which a teenage computer whiz spends thirty seconds furiously typing on a computer keyboard and gaining complete access to the Pentagon’s databases. In the real world, this isn’t how hacking actually works. The good news is that hacking the Pentagon is a lot harder than...

Read More


Sep 2018

What Personal Information Can Anyone Learn About You on the Internet?

When you think of people collecting personal information about you, you probably think about the data leaked in corporate data breaches and information for sale on the Dark Web. But have you ever wondered what kind of information the average person could learn about you on the Internet? The Internet can make social engineering a past time for some, or a dangerous cybercrime conduit for...

Read More


Sep 2018

Eight Considerations for Remote Worker Cybersecurity

Working from your desk in the corporate office is probably the safest way of doing business since you have both physical and technological protections provided by your organization.  However, this may not always be feasible for either personal or business reasons.  By taking the appropriate remote worker cybersecurity precautions, you can work from home or on the go without jeopardizing your personal security or that...

Read More


Jul 2018

Two-Factor Authentication (2FA): Secure or Not?

Passwords are generally considered to be insecure.  With the sheer number of accounts that the average person has, remembering a password for each account requires weak passwords, password reuse, or the use of technology like a password manager.  Even if someone has good password hygiene, a data breach means that someone’s password could be exposed by circumstances completely outside their control. Two-factor authentication is a...

Read More


Jun 2018

How to Spot a Social Engineer

When thinking about cybersecurity and hackers, most people focus on the technological side of hacking where attackers take advantage of vulnerabilities in computer systems to gain unauthorized access.  However, this is only one avenue for hackers to get what they want. Instead of focusing on weaknesses in computer systems, social engineers take advantage of susceptibility in human behavior and people’s default reactions to certain situations....

Read More


Mar 2018

Active Directory Password Health Analysis – Part 2

By Ben Goodman In Active Directory Password Health Analysis – Part 1, Russel Van Tuyl provided a background on Active Directory (AD) and its limitations in determining an organization’s password health. Russel also gave a high-level overview on the ADPasswordHealth python script, and its benefits in password health analysis. In this post we’ll take a deeper dive into what the ADPasswordHealth script can do. Recap...

Read More


Oct 2017

Slack and Microsoft Teams Notifications for Empire and Meterpreter Agents

By Russel Van Tuyl A short time ago, I wrote a Python script that would send notification messages to Slack when a computer was compromised and an Empire or Meterpreter agents was dropped. I spent a little time updating the script and added support for Microsoft Teams notifications. This blog explains how I set up Slack and Microsoft Teams notifications for Empire and Meterpreter agents. In...

Read More


Oct 2017

Active Directory Password Health Analysis – Part 1

By Russel Van Tuyl Active Directory (AD) is an essential part of a Microsoft domain. A prominent function AD performs is to keep a record of all domain user accounts and their associated password stored as an encrypted one-way hash value. One of the many objectives during a penetration test is to gain access to the AD ntds.dit database file, which contains the user account...

Read More

Page 1 of 3123