Latest Content

Industry Blog

A Look Forward to the DEF CON Red Team Village CTF

Aug 5, 2020 5:00:00 AM | By Barrett Darnell

I've recently had the challenge of building a fully immersive scenario to test red teamers’ offensive security skills for this year’s DEF CON Red... continue reading

Industry Blog

Are You Giving Out Cheat Codes if You Whitelist Pen Testers?

Jul 29, 2020 5:00:00 AM | By Brianne Hughes

At some point during the scoping process with new clients, the subject of whitelisting comes up. Most of our clients choose to whitelist our IP... continue reading

Industry Blog

An Updated Guide to Do-It-Yourself Network Segmentation

Jul 23, 2020 5:00:00 AM | By Matt Keeley

For a “Star Wars”-themed take on network segmentation, check out “I Find Your Lack of Segmentation Disturbing.” continue reading

Advisories

LibreHealth Version 2.0.0

Jul 14, 2020 3:07:20 PM | By Chris Davis,

ADVISORY SUMMARY The following document describes identified vulnerabilities in the LibreHealth application version 2.0.0. Five high-risk issues... continue reading

Tech Blog

Breaking HTTPS in the IoT: Practical Attacks For Reverse Engineers

Jun 30, 2020 5:00:00 AM | By Nathan Elendt,

As the old joke goes, the ‘S’ in “IoT’ stands for security. While (Internet of) Things can vary wildly in design robustness and overall security,... continue reading

Tech Blog

Stop Treating Breaches Like Natural Disasters: A New Mindset for Application Security

Jun 25, 2020 5:00:00 AM | By Dan Petro,

Application security is a complex topic that can be viewed through many lenses, and each is valuable when used in the right context. There’s one... continue reading

Tech Blog

How to Set Up Your Hardware Lab

Jun 23, 2020 5:00:00 AM | By Jordan Parkin,

In recent years, embedded device security has made its way into the public consciousness as attackers target the now ubiquitous smart devices in... continue reading

Advisories

SecureAuth Version 9.3

Jun 19, 2020 5:00:00 AM | By Chris Davis, Robert Punnett

ADVISORY SUMMARY One low-risk vulnerability was discovered within the SecureAuth IdP v9.3 application. This vulnerability could allow malicious... continue reading

Advisories

DigDash Enterprise: Versions 2018R2-2020R1

Jun 15, 2020 5:00:00 AM | By Florian Nivette,

ADVISORY SUMMARY The following document describes three identified vulnerabilities (one high-risk, one medium-risk, one low-risk) in the DigDash... continue reading

RMIScout: Safely and Quickly Brute-Force Java RMI Interfaces for Code Execution

EYEBALLER: AI-powered tool to help pen testers assess large external perimeters.

Dufflebag: Uncovering Secrets in Exposed EBS Volumes

Latest Content

A Look Forward to the DEF CON Red Team Village CTF

Are You Giving Out Cheat Codes if You Whitelist Pen Testers?

An Updated Guide to Do-It-Yourself Network Segmentation

LibreHealth Version 2.0.0

Breaking HTTPS in the IoT: Practical Attacks For Reverse Engineers

Stop Treating Breaches Like Natural Disasters: A New Mindset for Application Security

How to Set Up Your Hardware Lab

SecureAuth Version 9.3

DigDash Enterprise: Versions 2018R2-2020R1

Latest Articles

7 Must-Haves for a Rockin' Red Team

Is your perimeter inventory leaving you exposed? Why it’s time to switch from IP to DNS

What Your Company Needs to Know About Hardware Supply Chain Security

Get Organized Like a Villain

6 Best Practices for Performing Physical Penetration Tests

Red teaming: Why a forward offense is the best defense

Is Your Company Ready For A Bug Bounty Program?

MANAGED SERVICES

CONSULTING SERVICES

PARTNER PROGRAMS

LABS | RESEARCH & RESOURCES

CAREERS

COMPANY

COMMUNITY

CONTACT

ADDRESS

Latest Content

Popular Picks

FIND OUT FIRST

Latest Articles

MANAGED SERVICES

CONSULTING SERVICES

PARTNER PROGRAMS

LABS | RESEARCH & RESOURCES

CAREERS

COMPANY

COMMUNITY

CONTACT

ADDRESS