Protecting Against Legacy Protocol Abuse

The cyber security consequences of technical debt

“Our job is to make everyone’s worst nightmare come true.” – Tim McGuffin, Lares Consulting

Tim McGuffin and I go way back. Tim is the Senior Red Team manager with Lares Consulting. A self-described “hacker in the old school sense of the word,” Tim takes protocols and systems apart, figures out how they work, and then bends them to his will.[...]

The Vulnerability That Keeps On Giving: Seven New Variations of Spectre and Meltdown Discovered

Meltdown and Spectre Overview

On January 8, 2018, Revolutionary Security reported on Meltdown and Spectre, which are kernel-level vulnerabilities impacting the processing of unauthorized local memory. These vulnerabilities take advantage of a CPU feature called “speculative execution,” which is leveraged by the CPU to optimize performance by running tasks that may not actually be required. The[...]

Cyber Intelligence Leads to Resiliency

Security by Compliance

Within this blur of a technology-driven society, time and time again we see companies that have designed a security operations center to meet their compliance needs, and yet still appear on the evening news as victims of a cyber attack. Security’s goal, protecting the digital assets of an organization from attacks, differs from that of compliance, which is ensuring[...]

Everyone Knows Your Wi-Fi Password…Eventually

A good network administrator knows that a strong Wi-Fi password is crucial. Some even put up with the hassle of regularly scheduled password changes. However, not everyone has a deep understanding of why it is dangerous to deviate from these procedures. Knowing how Wi-Fi passwords are compromised can help convince administrators to use and stick to these best practices. Having a basic[...]

Validating Security Controls and Countermeasures with Penetration Testing

It’s been a few weeks and the dust is starting to settle following the reported data breach in September 2017 at Equifax, one of the big three credit reporting agencies. While other major data breaches have been the result of advanced methods possibly utilizing leaked classified attack techniques, this attack was performed by exploiting a well-known vulnerability within a popular web application.[...]