At the onset of any engagement, Triaxiom Security engineers will begin with research, often called Open Source Intelligence Gathering, or OSINT for short. OSINT is the process of gathering publicly available information from the internet to gain a deeper understanding of an organization, its technology stack, and any potential vulnerabilities. Security engineers often conduct this […]
After passing the eWPT, I was looking for another web application certification that might help to elevate my skills and help me to review web application penetration testing exploits and methodologies. I stumbled upon Hack the Box (HTB) Academy, which offered a Certified Bug Bounty Hunting (CBBH) course and exam. I looked over a couple […]
In this blog we are going to take a look at an often overlooked or under-appreciated method to bypass Duo MFA for RDP. As long as the attacker has administrative rights on the computer, this blog will demonstrate how it is possible to enable restricted admin mode, and subsequently bypass the multi-factor authentication (MFA) requirement […]
Fall seven times and stand up eight. Japanese Proverb Following two failed attempts, I persevered and obtained the coveted OSCP on the third time around. The overall journey took me about a year and half of studying, practicing and scouring the internet through countless resources. In the following sections I will provide an overview of the exam and […]
Higher education institutions have embraced technological advancements to enhance the learning experience, streamline administrative processes, and foster collaboration. However, with the growing reliance on technology comes an increased risk of cyber threats. Cybersecurity has become a paramount concern for these institutions, as they handle vast amounts of sensitive data that includes personally identifiable information (PII), […]
In an era where cybersecurity has become a critical concern for institutions across all sectors, higher education institutions face unique challenges in safeguarding sensitive data, protecting research networks, and maintaining the trust of students, faculty, and stakeholders. The importance of using a penetration testing company focused specifically on higher education is key for achieving the […]
