Equifax Breach: Why I am not surprised

The Equifax breach, announced in September 2017, is said to potentially impact some 143 million Americans.  At this point in time Equifax has not shared many details about the breach except the numbers and that the information was extracted through a web application vulnerability.  Despite the lack of details, we can make some educated guesses … Equifax Breach: Why I am not surprisedRead More »
Read more

Are You Ready for Your Pen Test?

  It is day three of a five-day penetration test engagement and we still don’t have all the information we need to proceed with the test. This particular test was scoped to focus on internal applications and we were to gain access to those applications through the client’s VPN solution. But instead we find ourselves … Are You Ready for Your Pen Test?Read More »
Read more

Cloud-Base Host Discovery Is Easier Than You Think!

During a recent conversation at DerbyCon it occurred to me that some security folks who are just dipping their toes into AWS are struggling a lot with the idea that cloud (EC2) instances keep popping up spontaneously. Developers and their agile / devops / continuous deployment methodologies are creating a chaotic mess of the network that has … Cloud-Base Host Discovery Is Easier Than You Think!Read More »
Read more