The Escape

posted on Dec 15, 2014 by Geoffrey Vaughan

The hacker mindset is one of curiosity and intrigue into how systems and various things work. We try to understand how a particular system works and then look for ways that it could be manipulated, repurposed, improved, or exploited. This curiosity is not limited to computer systems but encompasses all things we may have the…

Women in Tech: Sintia Maria Sanches

posted on Dec 8, 2014 by Niyosha Freydooni

These blogs are about remarkable employees that contribute to Security Compass’s culture in more ways than one. I will be writing about another fabulous, hard-working woman in tech. This second edition will focus on a member who helps keep the work environment enjoyable and routinely safe; she is technically a computer genius. Meet Sintia Maria Sanches…

The more the merrier, right?

posted on Dec 4, 2014 by Michael Bennett

Our society has been raised to believe that more is always better. That holds especially true when it comes to tech devices. Everyone wants more devices capable of doing more things and offering more control and of course everything needs to be more connected. But what if there aren’t appropriate security protocols to handle the…

Implications of Internet of Things

posted on Nov 19, 2014 by Michael Bennett

The Internet of Things (IoT) is a rapidly growing phenomenon where device makers are building Internet connectivity into every device they produce. The ability to connect to the Internet brings with it the potential of connecting and using your device in new and exciting ways. Devices can gain access to a wealth of information available…

Pwning Networks Through Vulnerable Applications

posted on Nov 11, 2014 by saurabh

If you are a pentester, you would agree that one of the most common ways of compromising a network is through vulnerable 3rd-party applications. I am talking about Apache Tomcat, JBoss jmx-console, Hudson-Jenkins and such. I do a lot of internal network pentests and it seldom (more like, never) happens that I do not find…

Whiteboard Wednesday: Using Mimikatz From a JSP shell

posted on Oct 22, 2014 by stephen

A while back I was messing around with Tomcat and it got me thinking: when I come across Tomcat during assessments, it is normally running as system or some kind of admin account. Sometimes I don’t want to/can’t use Metasploit and I just have the web shell. I could create a user and log in…

Firewall, Router and Switch Configuration Review

posted on Sep 23, 2014 by ted

The presentation provides a topical overview of the areas to be looked at when conducting a Firewall, Router, or Switch configuration review. This presentation is based on a slide deck I prepared for an internal Learning & Growth session in March of 2014. More detailed material is available from the “References” slide.

Digging and Clicking: How I Learned Lock Picking

posted on Aug 25, 2014 by Niyosha Freydooni

I arrived to work on Monday August 11, 2014 tired from the weekend, a morning I was anything but excited for. Little did I know that within minutes I would be awakened with power. The Hack: We had started setting up the Battle School hacking booth at the office the week before. As I approached…

ALS Ice Bucket Challenge!

posted on Aug 21, 2014 by Niyosha Freydooni

Challenge Background: The ALS Ice Bucket Challenge first began with a golfer in Florida. He decided to nominate a few friends and soon after Social Media took over. Now at $22 million, the donations are still coming in. To some, the ALS Ice Bucket Challenge has become repetitive and nothing but a fad. But to…

Women in Tech: Rossana Ludena

posted on Aug 13, 2014 by Niyosha Freydooni

Finally: a blog featuring Security Compass’s amazing, vibrant and IT proficient women. I will be writing about who these women really are and how they contribute to Security Compass’s culture, success and growth. These are women who go beyond the call of duty by doing exceptional work and brightening up a coworker’s day. Meet Rossana…