National Cybersecurity Awareness Month – Moving or already moved to the public cloud?

Cloud Security

So, you are thinking of moving to the public cloud, or have already made the move. While there are many benefits (we will not list them) to moving to the public cloud, proceed with caution. The biggest threat to cloud security does not come in the form of bots or zombie networks or hackers, it […]

Read more

National Cybersecurity Awareness Month – Know your Attack Surface

Cyber attack surface

October is National Cybersecurity Awareness Month. Our goal this month is to provide you meaningful information to help you make well-informed, conscious decisions about how you should be protecting yourself and company from cyber threats. To start this month off we felt it was important for everyone to become familiar with the term “attack surface”. […]

Read more

Phishing attack evades detection

Inform your HR departments, internal recruiting teams, and hiring managers to be on the lookout for emails that come from someone submitting a resume for an open position in your firm. Why? There has been a significant increase in the use of this type of email attack to deliver malware. What makes these emails different? […]

Read more

Cybersecurity Alert – OCIE – Safeguarding Customer Records and Information in Network Storage – Use of Third Party Security Features

Alert On May 23, 2019, the Office of Compliance Inspections and Examinations (“OCIE”) issued the alert “Safeguarding Customer Records and Information in Network Storage – Use of Third Party Security Features”. In this alert the OCIE ‘identified security risks associated with the storage of electronic customer records and information by broker-dealers and investment advisers in […]

Read more

Beyond the Grave virus, is it a hoax or a warning sign?

beyond the grave

Here’s why we think there is something interesting about the “Beyond the Grave Virus” supposedly affecting hedge funds. We were curious because there was some chatter about it being a hoax. While this can be (very) true, we think it was worth looking in to. Who knows, it may possibly be an early exploration expedition […]

Read more

There is a difference between privacy and cyber(security).

protection

We see too often that the terms privacy and security (cybersecurity) are used interchangeably and felt it was important to help people understand that they are not the same thing. Yes, there is a relationship between the two, but again, they are not the same thing. If you ask a group of cybsecurity professionals whether […]

Read more

Automating Password Cracking Using Responder and Hashcat! (Part 1)

Automated Password Cracking

Responder, one of the tools that is part of every pen-testers toolkit (if you are a pen-tester and you don’t use it, shame on you), is by far one of the greatest tools ever made. We use it on every internal and sometimes external pen test that we do. For those that aren’t familiar, responder […]

Read more

“New” phishing campaigns – leveraging scare tactics (Ransomware 3.0)

phishing

We got an email today that we thought was very interesting. Most of the email phishing campaigns that we’ve seen thus far, and the most common ones our clients typically get fall into two buckets: click a link or open an attachment. We all know how effective some of these campaigns are. Lots of people […]

Read more

How we were able to bypass Windows Defender on a Windows 10 machine to get a reverse shell!

Windows Defender Bypass

It seems we just peaked your interest, right? Isn’t that the reason you are here reading this? It’s either that, or you are just trolling, you know who you are. We’ve experienced first-hand and have also heard from many of our fellow pen testers that anti-virus solutions, especially some of the next-gen solutions are easy […]

Read more

1 2