Earlier this year, Triaxiom was set on building a new password cracking machine which would be a more advanced iteration than its predecessor, Thor. Simply put, a password cracking machine is a powerful computer which can run through billions of password guesses per second. This leads us to our new project – Loki. Overview: While […]
The long-anticipated release of the Payment Card Industry (PCI) Data Security Standard (DSS) Version 4.0 (v4.0) by the PCI Council occurred on March 31, 2022. Although not a revolution, the new version contains many changes from the previous version (v3.2.1). According to the Council, the changes represent their determination to “continue to meet the security […]
Recently during an External Penetration Test, Triaxiom discovered several flaws/vulnerabilities within a commercial-off-the-shelf (COTS) eCommerce platform called XMPie uStore. In this post, we will discuss the avenue through which Triaxiom was able to gain initial access to this application, the security flaws discovered, recommended remediation steps for those flaws, and the responsible disclosure process with […]
At Triaxiom Security, we have the distinct advantage of working with hundreds of clients across a variety of different verticals. One week, I may be conducting a penetration test for a Fortune 300 retail organization, and the next week I may be doing an audit for a hospital. This wealth of experience gives us the […]
These days, it is quickly becoming a necessity that all companies have public facing web applications for various purposes. Additionally, these web applications can be incredibly complex with a large feature set. Because of that, web application weaknesses can arise pretty easy, resulting in serious consequences. In this blog post, we’ll examine a couple web […]
Ransomware has been all over the news lately with the Colonial Pipeline and JBS ransomware attacks. It seems like everyone from the local grocery store clerk to top government officials have been discussing ransomware since it has hit the mainstream news headlines. Today, we will take a quick look at what ransomware is, how it […]
In today’s blog, we are going to consider non-domain-joined system security. For most organization’s we test, this can include things like medical devices, systems in kiosk mode in public spaces, IoT devices, or other systems that were forgotten. If these systems are not on the domain, do we care? If so, why? How can an […]
On May 7th, Colonial Pipeline experienced a ransomware attack that shut down the largest supplier of gasoline to the South. This led to widespread panic-buying of gasoline across the southern United States. In Triaxiom’s home state of North Carolina, 71% of gas stations were without gasoline according to GasBuddy. In this blog, we will explore […]
CVEs and responsible disclosures are both important items and steps to securing software and making the Internet a more secure place. At Triaxiom Security, we are very fortunate to see a wide array of different technologies, software, and environments when conducting various assessments for our clients. Because of this, it’s not uncommon to discover weaknesses […]
In the world of penetration testing, there are a lot of myths and misnomers surrounding the types of penetration tests, how penetration tests are conducted, etc. Today, we look to debunk 5 common myths of penetration tests and help you maximize the value from your next penetration test. Common Myths of Penetration Tests “We guarantee […]
