How to configure Android (Virtual) for Mobile PenTest
This post is about setting up an Android Virtual Machine (AVD) for a mobile application penetration test.
Cooking up Better Security Incident Communications
I am fond of meal kits. I enjoy the entire experience: the scrolling through delicious-looking meal descriptions, the excitement of receiving a package full of ingredients, the smells while learning how to make the recipe, and of course tasting that first bite of the new things you created with your own hands. I have not …
Cooking up Better Security Incident Communications Read More »
Once upon a time there was a WebSocket
This is the story from one of our recent penetration testing engagements. Still, the story is a familiar one for those who are testing newer web applications that use one of the multitudes of evolving web app platforms built on a poorly understood technology stack. In this case, we ran into a WebSocket-based application that …
Security Review of Nest Camera
I love tinkering with home automation and security solutions. The simplicity of turning on a light bulb with a voice command makes me giddy, and I totally geek out over building scripts with more complex interactions between multiple devices. So, I recently purchased an Outdoor Nest Camera to point at my driveway for monitoring purposes …
Equifax Breach: Why I am not surprised
The Equifax breach, announced in September 2017, is said to potentially impact some 143 million Americans. At this point in time Equifax has not shared many details about the breach except the numbers and that the information was extracted through a web application vulnerability. Despite the lack of details, we can make some educated guesses …
Are You Ready for Your Pen Test?
It is day three of a five-day penetration test engagement and we still don’t have all the information we need to proceed with the test. This particular test was scoped to focus on internal applications and we were to gain access to those applications through the client’s VPN solution. But instead we find ourselves …
Cloud-Base Host Discovery Is Easier Than You Think!
During a recent conversation at DerbyCon it occurred to me that some security folks who are just dipping their toes into AWS are struggling a lot with the idea that cloud (EC2) instances keep popping up spontaneously. Developers and their agile / devops / continuous deployment methodologies are creating a chaotic mess of the network that has …
Cloud-Base Host Discovery Is Easier Than You Think! Read More »
Wireless Attacking EAP-TTLS with Kali 2 and ALFA AWUS051NH
Is your corporate wifi as secure as you think it is? A common configuration for WPA Enterprise wireless networks is to use a combination of PEAP (Protected EAP) and EAP-TTLS (Tunneled Transport Layer Security). Though this configuration solves several issues found in other configurations, it (sometimes) also has its own fatal flaw. If a client …
Wireless Attacking EAP-TTLS with Kali 2 and ALFA AWUS051NH Read More »
Professionally Evil Insights: 2015
Are you interested in knowing which vulnerabilities are the most commonly discovered in penetration tests? How about which industries are doing the best (or worst) with improving on their security programs? We pulled together all of our 2014 and 2015 findings, analyzed the results, and came up with some interesting (at least we think so) …
Five Outdated Security Excuses
The Security Industry as a whole has been known to criticize businesses large and small with respect to how they manage security. Why does it so often seem like an after-thought? How is it that today we still frequently find that security teams are understaffed (or not at all), that business decisions involving sensitive information are made without …