Author
Justin Wise
Explore the author's collection.
Author
Explore the author's collection.
Automated Vulnerability Scanners, on the surface, have a lot of appeal to IT directors. They run in the background and are “always on”. They alert you when you have an issue. But the harsh reality is they provide a… read more →
Collecting and validating an organization’s employee base is critical for any successful offensive information security operation. read more →
In-depth info. to consider before choosing how you’ll test network security. If you’ve thought about using a bug-bounty program to test your organization’s network, hit pause and read this first. read more →
When starting a penetration test, we first try to discover domains associated with our target apex domain. To help you navigate this part of the process, we’re going to detail it, highlighting tips and tricks for… read more →
We are going to dig into Slack workspace compromise to provide additional information and tooling you can use to leverage access. This guidance will build off of “Abusing Slack for Offensive Operations”, a great article… read more →
Bug-bounty programs live and die by their ability to target public-facing assets and then expose related vulnerabilities. But one asset is out of their reach, and it’s arguably the most dangerous to your network. read more →
Recent reports from FireEye revealed a large-scale campaign to infect company networks using a modified version of the SolarWinds Orion monitoring agent. read more →
Oh, the world of good ol’ bug-bounty programs. In recent months they’ve become a hot topic for IT teams looking to unearth vulnerabilities. And it’s easy to see why. They’re flashy and promise the world. Your company… read more →
Getting hacked hurts. Not only is it often a PR nightmare and the cause of sleepless nights – a company data breach is a financial fright fest that can cost you millions of dollars. read more →
Practical, expert-tested guidance you can apply to immediately improve your network security. read more →
Good command-and-control infrastructure requires a known, trusted domain. When you’re first starting out, this can be difficult to find, but luckily other testers have provided many great resources. read more →
After initially accessing an internal network during a penetration test, you need to find out what the Active Directory (AD) infrastructure looks like. Here, we’re going to examine methods for this process from both… read more →
Continuous Human & Automated Security
Continuously monitor your attack surface with advanced change detection. Upon change, testers and systems perform security testing. You are alerted and assisted in remediation efforts all contained in a single security application, the Sprocket Platform.