External penetration tests are one of the most common tests we perform. An external penetration test is often the starting point for any company that is trying to understand its risk. With numerous compliance regulations (PCI, GDPR, HIPAA, CMMC, etc) either requiring external penetration tests or “highly recommending” them, we get to perform a lot […]
A common theme for many of the External Penetration Tests that we perform is unnecessary attack surface exposed to the Internet. So what is your Internet attack surface? How do you reduce it? And why is this even important? These are all great questions and items worthy of a blog post, given how often we […]
AWS Security Assessment is equal parts art and science. Are you considering an AWS security assessment? Learn exactly what to expect from a professional AWS security assessment: from discovery to deliverables, executive reporting and recommendations for remediation. The need for strong, proactive security has never been greater. Whether you’re preparing for a compliance audit, building […]
Is your cloud secure? Discover the most common AWS security gaps we uncover during audits, including public resources, IAM misconfigurations, and more. AWS offers IT teams the ability to create new technology solutions quickly and easily. But with great power comes great responsibility, and unfortunately, security misconfigurations in AWS are far too common. We perform […]
If your organization runs critical workloads in Oracle Cloud Infrastructure (OCI), you know security compliance is non-negotiable. This Oracle Cloud Security Checklist can help you get ready for your next audit. Whether you’re preparing for a formal audit, aligning with compliance requirements, or just taking control of your cloud security posture, a proactive OCI security […]
When planning a penetration test, one of the most common questions organizations face is whether to choose between external vs internal penetration testing. This post will help you understand the key differences between the two approaches and how to choose the one that provides the most value to your organization. While the obvious answer might […]
A question we often receive when scoping an engagement is, “Can my external penetration test be conducted after hours?” The short answer is yes, but there are some trade-offs that not everyone is aware of. In some cases, it could mean paying more for something you may not actually need. We’re always happy to talk […]
What are DNS Zone Transfers? While DNS zone transfers may seem like a relic of the past, they remain a relevant and potentially serious vulnerability in today’s cybersecurity landscape. Although many organizations addressed this issue decades ago, misconfigurations still occur, often due to legacy systems or oversight. As headlines have repeatedly shown, even widely known […]
Many organizations either skip incident response tabletop exercises entirely or settle for off-the-shelf scenarios that lack relevance to their environment. As a result, these exercises become little more than a “check-the-box” activity—minimally valuable and often poorly attended. To truly strengthen incident response and organizational resilience, tabletop exercises must be designed with purpose, realism, and customization. Why Traditional Incident […]
One of the most common and important questions we get from prospective customers is about our external penetration testing methodology. It’s a sign they’re doing their homework, which makes sense: if you’re going to let someone try to break into your network, you should know exactly how they plan to do it. We also love […]
