We discussed last week that open source intelligence, or OSINT, is one of the most important phases of an assessment for a penetration tester. It is this part of a test where an engineer is gathering background information about an organization that is publicly available, ranging from the business they are in, to the types […]
There is no question that administrators need an account with elevated permissions so they can effectively manage and care for the domain and users. For this blog, let’s call that account the “Superman” account. However, security best practice is increasingly calling for administrators to have a second account that they use to perform their daily […]
On August 3, 2018, Governor John Kasich signed Senate Bill 220, also known as the “Ohio Data Protection Act“. Unfortunately, this caused some confusion for businesses operating in Ohio, so today, we will discuss the act and how it may apply to you. This act IS NOT meant to lay forth a minimum security requirement for businesses in Ohio. In fact, […]
Conducting OSINT, or open source intelligence, operations refers to the act of gaining information about a target through “open sources.” This is data that is freely available on the Internet through things like search engines. Open source reconnaissance is a key part of any good penetration test, as it can provide useful information that is […]
One of the age-old battles in information security is balancing the trade-offs between usability vs. security. We recently had a conversation with a client where this was brought up as a concern for implementing security controls we were recommending. The client said, “sure I can lock down this website such that no IP can get […]
Penetration testing requests for proposals (RFPs) or requests for quotes (RFQs) can be a great way to bid on and potentially win penetration testing projects as a business. Many pen testing vendors rely on capturing business solely, or mostly, through RFP submissions. Most RFPs are for government entities such as local municipalities, state run schools, […]
