After passing the eWPT, I was looking for another web application certification that might help to elevate my skills and help me to review web application penetration testing exploits and methodologies. I stumbled upon Hack the Box (HTB) Academy, which offered a Certified Bug Bounty Hunting (CBBH) course and exam. I looked over a couple […]
At the onset of any engagement, Triaxiom Security engineers will begin with research, often called Open Source Intelligence Gathering, or OSINT for short. Engineers will comb the internet, both manually and with automated tools and scripts, to better understand the client, their underlying technologies, and where weaknesses may lie. In general, any data obtained during […]
In this blog we are going to take a look at an often overlooked or under-appreciated method to bypass Duo MFA for RDP. As long as the attacker has administrative rights on the computer, this blog will demonstrate how it is possible to enable restricted admin mode, and subsequently bypass the multi-factor authentication (MFA) requirement […]
Fall seven times and stand up eight. Japanese Proverb Following two failed attempts, I persevered and obtained the coveted OSCP on the third time around. The overall journey took me about a year and half of studying, practicing and scouring the internet through countless resources. In the following sections I will provide an overview of the exam and […]
Higher education institutions have embraced technological advancements to enhance the learning experience, streamline administrative processes, and foster collaboration. However, with the growing reliance on technology comes an increased risk of cyber threats. Cybersecurity has become a paramount concern for these institutions, as they handle vast amounts of sensitive data that includes personally identifiable information (PII), […]
In an era where cybersecurity has become a critical concern for institutions across all sectors, higher education institutions face unique challenges in safeguarding sensitive data, protecting research networks, and maintaining the trust of students, faculty, and stakeholders. The importance of using a penetration testing company focused specifically on higher education is key for achieving the […]
In this blog, we are going to look into a few of the top mistakes CISOs make when it comes to penetration testing and how your organization can avoid them.
When most people think about penetration testing, or securing their network in general, they tend to focus on their external perimeter that is exposed to the Internet. But as an organization matures from a security perspective and wants to truly understand their risk, they have to look at their network from other angles. The next […]
In early 2020, I was staring down the barrel of a major career change. After almost a decade in the United States Marine Corps, I looked at the career progression in front of me and found no desire to go down that path. Luckily, I stayed in close contact with one of my Marines who […]
What are DNS Zone Transfers? DNS Zone transfers. As ancient as the vulnerability may seem, it is imperative for cybersecurity professionals to maintain a vigilant watch for the simple yet compromising weakness in their systems. To be sure, most organizations have taken the necessary steps to mitigate zone transfers to unknown hosts since the 1990s. […]
