Overview While performing security tests against web applications or network infrastructures, I often come across web servers with directory listing enabled. What is directory listing you say? “Web servers can […]
Overview I was engaged to perform a mainframe penetration test recently. What is a mainframe? Mainframes are high-performance computers with large memory (RAM) and processors that process billions of simple […]
Overview Recently on an internal penetration test engagement I ran into an installation of HP SiteScope. Wikipedia defines HP Sitescope as “agentless monitoring software focused on monitoring the availability and performance of […]
While researching daycare software online we identified multiple providers / companies that offered daycare software. In this instance we looked at an application that was configured worse than the first […]
As my wife recently started an at-home daycare, we have done testing of different child activity tracking applications that provide parents with updates about their child throughout the day (e.g. […]
MouseJack, originally discovered by Bastille, is a vulnerability that affects many wireless (non-Bluetooth) keyboards and mice. An attacker is able to utilize a USB radio device, available for less than […]
“Egress filtering is the practice of monitoring and potentially restricting the flow of information outbound from one network to another. Typically, it is information from a private TCP/IP computer network […]
This series of posts is in no way showcases a full penetration test, which does a much deeper dive into an application’s risks and utilizes many more tools and manual […]
During a recent internal network penetration test, we saw indications that an Adobe ColdFusion host was vulnerable to the BlazeDS Java Object Deserialization exploit. After performing some research, I couldn’t […]
When performing onsite social engineering engagements for clients, regardless of industry, 95% of the time you will see some sort of technology involving RFID utilized to manage access (interior and […]
