At the onset of any engagement, Triaxiom Security engineers will begin with research, often called Open Source Intelligence Gathering, or OSINT for short. Engineers will comb the internet, both manually and with automated tools and scripts, to better understand the client, their underlying technologies, and where weaknesses may lie. In general, any data obtained during […]
In an era where cybersecurity has become a critical concern for institutions across all sectors, higher education institutions face unique challenges in safeguarding sensitive data, protecting research networks, and maintaining the trust of students, faculty, and stakeholders. The importance of using a penetration testing company focused specifically on higher education is key for achieving the […]
In this blog, we are going to look into a few of the top mistakes CISOs make when it comes to penetration testing and how your organization can avoid them.
In today’s blog, we will be discussing social engineering attacks in the age of COVID-19. Social Engineering is a popular vector for attackers and with the rise of remote work due to the pandemic, companies’ IT security departments need to be increasingly vigilant. As many of our readers are no doubt aware, social engineering attacks […]
Today, we’re going to take a closer look at how network segmentation can be used to improve your organization’s security posture. Network segmentation is, very simply, creating subdivisions of your corporate network and then intelligently restricting traffic flows between them. This can take the form of VLANing, ACLs on routers or firewalls, host-based firewalls, physical […]
In today’s blog, we’ll discuss the differences between a CTF vs real, professional penetration testing, and the mindset required for each. We’re primarily aiming this article at aspiring and junior penetration testers, by highlighting some of the things to think about when transitioning from a CTF-style environment to that of a professional penetration testing firm. […]
Let’s say you just received a penetration test report from a company and you are working with your internal IT team or development team to triage and fix the issues raised. Someone on your team is of the mindset that fixing the medium/low priority issues in report isn’t even worth the amount of resources it […]
Today’s security quick tip is brought to you by some API penetration tests I’ve completed over the past few weeks. One of the things I’ve noticed more and more as organizations are developing and implementing APIs as part of their overall application infrastructure is the presence of “greedy” or overly verbose JSON objects in HTTP […]
One of the most common tests we perform for clients is an internal penetration test, designed to explore the vulnerabilities across a company’s internal networks. This testing emulates what an attacker that gained an initial foothold on the network could do or what kind of problems a malicious insider could cause, to put it briefly. […]
In this blog, we’re going to do a quick review of PCI DSS Requirement 12.11 and provide some strategies for service providers who need to maintain PCI compliance. As you may have guessed from context clues in the first sentence of this blog, this requirement only applies to service providers and does not need to […]
