A host compliance audit is a type of security assessment that involves the manual inspection of a workstation, server, or network device by a trained security engineer in order to evaluate the configuration, hardening, and security controls applied to the target. Using a published best practice standard, like the Center for Internet Security (CIS) benchmarks, […]
A password spray or password spraying attack is one of the most useful items in a penetration testers toolbox. This style of attack is used on almost every single external and internal penetration test. And if penetration testers are using it, you know that means hackers and malicious actors out there are using it as […]
Before you hire someone to physically break into your organization, it is probably a good idea to understand what steps they are going to take. In this blog, we will review our physical penetration testing methodology, which is the basic outline for any physical penetration test we perform. If you haven’t already, it might be […]
Recently, we were asked by a client “what MFA is the best for an SMB?” We liked that question and thought others would benefit, so we decided to add it to our list of blog topics. Before writing that blog however, we decided we first needed a quick review of what multi-factor authentication (MFA) is […]
When working with a customer who hasn’t had regular penetration testing before, one of their primary concerns is usually “will a penetration test disrupt my business?” They may be required to get a penetration test completed in order to meet a compliance requirement, because a larger organization is asking them to, or simply because they […]
One of the primary reasons many organizations are looking to have a penetration test performed is because someone they want to do business with wants some assurance that they are secure. So in the interest of forming this new business relationship, they’ll go out to try and get a penetration test performed as soon as […]
