
Archive: Jul 2015

How not to suck at pen testing 6: Penetration testers code of ethics

Black Hills Information Security’s John Strand lists the essential rules, which are intended to make pen testing more efficient as the industry is moving on. John Strand: The whole gist of this entire presentation is we need to keep moving forward as network pen testers. We need to continue to find new...

Remove CryptoWall 3.0 ransomware and mitigate the file damage

While the individuals behind the CryptoWall 3.0 virus remain pinned to the “most wanted” cybercriminals list, their infamous product has been up and running for months on end. Anyone who is unfortunate enough to fall victim to this nasty hoax isn’t very likely to know what RSA-2048 even means before the...

How not to suck at pen testing 5: Hunt teaming

This part is about a really interesting, highly effective take on network penetration testing advocated by John Strand and his colleague Joff Thyer. John Strand: So, let’s talk about trying to find new areas, and that’s kind of where we are going to start tying this up (see right-hand image). We need to...

How not to suck at pen testing 4: Bit9 issues and ISR Evilgrade attacks

John Strand dwells on a few nontrivial vectors applicable for compromising a target organization’s IT infrastructure and bypassing technologies like Bit9. Also, there’s data loss prevention. As I said, we’re in the midst of a webcast called “Sacred Cash Cow Tipping”. In information security,...

How not to suck at pen testing 3: Mitigating structural weaknesses

The author of the presentation moves on to express his viewpoint on the correct way of handling structural vulnerabilities found during a security assessment. Another kind of offset one was antivirus. I know that this isn’t leet at all, but a couple of weeks ago we did a webcast called “Sacred Cash Cow...