In today’s blog, we are going to learn a key concept related to how an attacker gains a foothold on your network: the difference between a bind and reverse payload. Attackers typically get an initial foothold by exploiting a vulnerability that allows them to execute code on a target. This can be through a web […]
As we continue our mini-series addressing some of the most common web application vulnerabilities we see during assessments, we turn our attention to the broad category of authentication weaknesses next. The OWASP Top 10 identifies this category as number 2 on its list, meaning it is obviously well known and prevalent. So then why are […]
As we continue to try and share knowledge we’ve gained in our time performing penetration testing, we’re going to focus on another common web application vulnerability I keep running into. Authorization bypass is number 5 on the OWASP Top 10, further demonstrating that this continues to be a common issue plaguing web applications. The biggest […]
As many of you are most likely aware of by this point, two Coalfire employees are facing criminal trespassing charges in Iowa. The two employees were conducting a physical penetration test against a judicial branch building and the Dallas County courthouse. As part of their assessment, they gained access to the courthouse and intentionally tripped […]
The National Credit Union Administration or “NCUA” was established to “provide, through regulation and supervision, a safe and sound credit union system, which promotes confidence in the national system of cooperative credit.” As one could imagine, IT infrastructure and the information security program is one of the critical pillars that are required to be audited. […]
Throughout our assessments, we get the opportunity to work with a wide variety of clients and see a ton of different web applications. When performing web application penetration testing in particular, there are a number of issues that we notice over and over again, regardless of the development language, application architecture, etc. If we see […]
During potential Mergers & Acquisitions (M&A), there exists a due diligence period similar to the due diligence period when you are buying a house. Like when you buy a house, the buyer has the opportunity to review, research, and fully inspect the asset. Generally speaking, when people think of M&A due diligence, they naturally think […]
This blog will be the final edition of our core values series. If you missed our first one, it touched on partnering with our clients. We started this business to help our clients improve their security posture and it is really important to us that they view us as part of their security team. Our […]
There has been a lot of talk recently with regards to the potential implementation of a US Cyber Civilian Reserve. Think of this as something comparable to the Civil Air Patrol and Coast Guard Auxiliary, but for cyber experts. The thinking is that these folks can be called upon for immediate action for municipalities, schools, […]
Today’s blog will be a continuation of our core value series. In our first blog, we discussed our core value of partnering with our clients and today we are going to focus on our next one: Striving to be the Best. We will follow the same format as the last one, first focusing on what […]
