Top Mistakes CISOs Make When it Comes to Penetration Testing
In this blog, we are going to look into a few of the top mistakes CISOs make when it comes to penetration testing and how your organization can avoid them.
Everything You Need to Know About an Internal Penetration Test
When most people think about penetration testing, or securing their network in general, they tend to focus on their external perimeter that is exposed to the Internet. But as an organization matures from a security perspective and wants to truly understand their risk, they have to look at their network from other angles. The next […]
My Journey to Being an Intern at Triaxiom Security
In early 2020, I was staring down the barrel of a major career change. After almost a decade in the United States Marine Corps, I looked at the career progression in front of me and found no desire to go down that path. Luckily, I stayed in close contact with one of my Marines who […]
Ancient But Important: DNS Zone Transfers
What are DNS Zone Transfers? DNS Zone transfers. As ancient as the vulnerability may seem, it is imperative for cybersecurity professionals to maintain a vigilant watch for the simple yet compromising weakness in their systems. To be sure, most organizations have taken the necessary steps to mitigate zone transfers to unknown hosts since the 1990s. […]
Building An Advanced Password Cracking Machine
Earlier this year, Triaxiom was set on building a new password cracking machine which would be a more advanced iteration than its predecessor, Thor. Simply put, a password cracking machine is a powerful computer which can run through billions of password guesses per second. This leads us to our new project – Loki. Overview: While […]
PCI DSS v4.0 – Major Changes and Differences
The long-anticipated release of the Payment Card Industry (PCI) Data Security Standard (DSS) Version 4.0 (v4.0) by the PCI Council occurred on March 31, 2022. Although not a revolution, the new version contains many changes from the previous version (v3.2.1). According to the Council, the changes represent their determination to “continue to meet the security […]
XMPie uStore Vulnerabilities Discovered
Recently during an External Penetration Test, Triaxiom discovered several flaws/vulnerabilities within a commercial-off-the-shelf (COTS) eCommerce platform called XMPie uStore. In this post, we will discuss the avenue through which Triaxiom was able to gain initial access to this application, the security flaws discovered, recommended remediation steps for those flaws, and the responsible disclosure process with […]
Why Security Programs Fail
At Triaxiom Security, we have the distinct advantage of working with hundreds of clients across a variety of different verticals. One week, I may be conducting a penetration test for a Fortune 300 retail organization, and the next week I may be doing an audit for a hospital. This wealth of experience gives us the […]
Web Application Weakness Trends
These days, it is quickly becoming a necessity that all companies have public facing web applications for various purposes. Additionally, these web applications can be incredibly complex with a large feature set. Because of that, web application weaknesses can arise pretty easy, resulting in serious consequences. In this blog post, we’ll examine a couple web […]
We’re Hiring!
Triaxiom Security is an information security firm that specializes in penetration testing and strategic security consulting. Based out of Charlotte, NC, we’re a team of creative and collaborative individuals dedicated to providing top-of-the-line security services to our customers of all sizes and across all industries throughout the United States. At Triaxiom we provide a myriad […]