In a previous blog, we covered the difference between an online and offline password attack. This blog will continue from there. Once a hacker is able to get your password hash offline for a password attack, let’s explore how a hacker guesses your password. As a point of clarification, this blog is written from the […]
The difference between offline and online password attacks could be the thing that prevents your account from being hacked and your organization being breached. In most cases, an attacker is going to be much more successful with an offline password attack than they will be from an online attack. But why? In this blog, we […]
A crucial part of maturing your overall incident response capabilities is dry-running the process through what are known as “tabletop exercises.” Imagine security meets Dungeons & Dragons-style role playing. In all seriousness, incident response tabletop exercises are a great opportunity to practice your incident response process in a realistic scenario, from the documentation to the defined […]
We get asked this almost as much as how often should we get a penetration test completed. There are many motivators and moving pieces that can drive the timing of a penetration test. Generally, if you’re asking “when should my company schedule a penetration test” the answer is “now”! Coming up with a regular schedule […]
We can file this away as a million dollar question for technology leaders and executives. While there is no right or wrong answer to this question, we recommend an annual security assessment that includes penetration testing. There are also actions that can be take throughout the rest of the year between assessments to help secure […]
A firewall configuration review is one of the safest activities we do as penetration testers. There’s no automated scanning, no active exploitation, and poking/prodding exposed ports and services. Even though it is a very low risk activity, there are a couple things we’ve identified over the years as ways to streamline the process of having […]
If you are reading this, I am sure that at some point you have had to suffer through some form of security awareness training. While we commend companies for trying, let’s face it, the majority of participants are just clicking through some computer-based training as fast as they can so they can get their certificate […]
We often get asked for references for our work. As you would expect, if you are hiring someone to hack your company or determine where your security vulnerabilities lie, you want to make sure they can be trusted. As part of the screening process, we highly recommend that you vet penetration testing partners via professional […]
In this blog, we will explore three steps you can take to make your firewall more secure. Your perimeter firewall is your first line of defense against attacks. And while it is not a silver bullet, making sure it is as secure as possible should be a top priority for your security team. Having performed […]
A firewall configuration review might seem like a pretty straightforward process. And truth be told, it is as far as security assessments go. But that being said, it can help to understand exactly what’s going on during this type of assessment, what the process includes, and what type of results you can expect. We’ve covered […]
