Implications of Internet of Things

posted on Nov 19, 2014 by Michael Bennett

The Internet of Things (IoT) is a rapidly growing phenomenon where device makers are building Internet connectivity into every device they produce. The ability to connect to the Internet brings with it the potential of connecting and using your device in new and exciting ways. Devices can gain access to a wealth of information available…

Pwning Networks Through Vulnerable Applications

posted on Nov 11, 2014 by saurabh

If you are a pentester, you would agree that one of the most common ways of compromising a network is through vulnerable 3rd-party applications. I am talking about Apache Tomcat, JBoss jmx-console, Hudson-Jenkins and such. I do a lot of internal network pentests and it seldom (more like, never) happens that I do not find…

Whiteboard Wednesday: Using Mimikatz From a JSP shell

posted on Oct 22, 2014 by stephen

A while back I was messing around with Tomcat, and it got me thinking: when I come across Tomcat during assessments it is normally running as SYSTEM or some kind of admin account. Sometimes I don’t want to/can’t use Metasploit and I just have the web shell. I could create a user and log in…

Firewall, Router and Switch Configuration Review

posted on Sep 23, 2014 by ted

The presentation provides a topical overview of the areas to be looked at when conducting a Firewall, Router, or Switch configuration review. This presentation is based on a slide deck I prepared for an internal Learning & Growth session in March of 2014. More detailed material is available from the “References” slide.

Digging and Clicking: How I Learned Lock Picking

posted on Aug 25, 2014 by Niyosha Freydooni

I arrived at work on Monday August 11, 2014 tired from the weekend, a morning I was anything but excited for. Little did I know that within minutes I would be awakened with power. The Hack: We had started setting up the Battle School hacking booth at the office the week before. As I approached…

ALS Ice Bucket Challenge!

posted on Aug 21, 2014 by Niyosha Freydooni

Challenge Background: The ALS Ice Bucket Challenge first began with a golfer in Florida. He decided to nominate a few friends and soon after social media took over. Now at $22 million, the donations are still coming in. To some, the ALS Ice Bucket Challenge has become repetitive and nothing but a fad. But to…

Women in Tech: Rossana Ludena

posted on Aug 13, 2014 by Niyosha Freydooni

Finally: a blog featuring Security Compass’s amazing, vibrant and IT proficient women. I will be writing about who these women really are and how they contribute to Security Compass’s culture, success and growth. These are women who go beyond the call of duty by doing exceptional work and brightening up a coworker’s day. Meet Rossana…

A Fresh Approach to Building an Application Security Program

posted on Jul 28, 2014 by Rohit Sethi

Ben Tomhave and Ramon Krikken at Gartner have released a paper called Application Security: Think Big, Start with What Matters, which describes concrete steps on how to cost-effectively deploy an app sec program. We highly recommend that organizations seeking to build an app sec program read the report. Krikken & Tomhave have defined…

3 Things To Consider When You Revisit Your Backup System

posted on Jul 9, 2014 by sahba

What’s expected from you in your role as a CISO is expanding as companies rely heavily on more complicated information systems. There is a barrage of threats and more reliance on technology as businesses leave the pencil and paper behind. Status quo is not an option with so much change occurring within the IT industry,…