Fuzzing: Common Tools and Techniques
Fuzzing is a software testing methodology that can be used from either a black or white box perspective and predominantly consists of providing deliberately malformed inputs to an application to identify errors such as unhandled exceptions, memory spikes, thread hangs, read access violations or...
pymetasploit3 – Metasploit Automation Library
Have a checklist of tasks you perform every penetration test, such as SSH bruteforcing or port mapping? Automate it with Python and Metasploit! Unfortunately, there hasn't been a working, full-featured Python library for making these tasks easy for many years now. This changes today...
Is Cloud Computing Really New? And Other Insights on the Changing Face of Cloud
What is cloud computing, and why is its increased use getting so much attention? In my view, cloud computing is just the latest iteration of what started back in the days of the IBM service bureaus of the 1960s and 70s. Back then, only a handful of organizations had the resources to own and opera...
A day in the life of a cybersecurity professional
After I graduated from high school, I knew I wanted to do something in computers and IT, but I did not know exactly what - the IT help desk route, databases and database management, programming and software development, or something else perhaps? I knew one thing though - I did not want to be in ...
Coalfire participates in cybersecurity disaster exercise at the 2019 HSCC Spring Summit
The Healthcare and Public Health Sector Coordinating Council (HSCC) conducted their biannual Joint Cybersecurity Working Group (JCWG) All-Hands Meeting on April 3-4, 2019. As a member of HSCC, Coalfire participated in the JCWG meeting with other security leaders from across the healthcare industry an...
Processing payments in the cloud
Some things work so well together that even suggesting they don't now seems almost ridiculous. But I wonder, who were the pioneers that fought back when questioned about the jelly on the PB? The savory with the sweet. The steak wrapped in cheese... those crazy hipsters spreading avocado on toas...
The death metal suite
Intel Active Management Technology (AMT) is a feature provided by Intel for remote administration. If you happen to have a corporate laptop, odds are you too have AMT built into your system. To a sysadmin, AMT eases access to machines for the sake of assisting employees with technical issues, even ...
Tax time again: IT security for accounting firms
As the end of another busy tax season approaches, it is important for accounting firms to remember their obligations related to data security. Accounting firms maintain a significant amount of data on behalf of their own employees and clients. These firms house financial records, tax information,...
Introducing Our New Scanning Platform, CoalfireOne Scans
As you may be aware by now considering previous blog posts, ongoing walk-through webinars, and our press release, we released Coalfire's brand new vulnerability scanning platform, CoalfireOne Scans, this morning. All of us here at the CoalfireOne Scanning Services Team are truly excited to see its...
Leveraging AWS Trusted Advisor for Security and Compliance
The benefits of undergoing mandatory or voluntary cybersecurity compliance assessments are well known throughout the cybersecurity industry. These benefits include improving the security posture of the organization, enabling sales to move faster through the sales lifecycle, addressing regulatory...
High-Power Hash Cracking with NPK
Password hashes are an everyday part of life in Coalfire Labs. Barring any other low-hanging fruit, it's not uncommon for a penetration test to hinge on recovering a plaintext password from one of these hashes. Whether it's NTLM hashes from Active Directory, NetNTLMv2 from Responder, WPA2 PMK from ...
Observations from RSA Conference, 2019
Last week, the 2019 RSA Conference was held with typical energy and exuberance in San Francisco. One of the largest cybersecurity industry conferences, it had over 700 exhibiting vendors not including another 50 in their Early Stage Expo area and over 500 sessions covering a wide range of current...
“Password Spraying”—What to Do and How to Avoid It
Cyber breaches aren't the only hot topic in the cyber media; sometimes the attack tactics themselves can claim the limelight when a significant breach gains media attention. One tactic getting some attention in the news is "password spraying." We offer an overview of what it is, how to avoid it, a...
Update to Microsoft Checks
Part of the glamorous life of an ASV involves a rigorous Quality Assurance program to ensure that we are the best ASVs we can possibly be. Some of those efforts are not as readily apparent to our clients as others; but on some occasions, we like to share when our work directly benefits those who...
Enabling Clients to Cope with ASV Scans
Gathering evidence, applying patches, and configuring your systems in preparation for submitting your vulnerability disputes can be a nerve-wracking and daunting task. To better enhance your understanding of the Approved Scanning Vendor (ASV) process, I've outlined some coping mechanisms and tools t...
Forensics and the Internet of Things (IoT)
Today, the Internet of Things (IoT) means that billions of devices are connected to the Internet. People and organizations are looking to connect devices more frequently for automation, simplification, and the feature advantages the IoT delivers. Items such as smoke detectors, glasses, watches,...
Encryption of Federal Data
One of the biggest challenges our customers face when pursuing Federal Risk and Authorization Management Program (FedRAMP) compliance is the federal mandate that Federal Information Processing Standards (FIPS) 140-2 validated cryptographic modules must be consistently applied where cryptography is...
Valuing IR Preparedness: Identifying and Communicating ROI
In the information security community, a proactive approach to incident response is always considered best practice. Reacting in the moment can drain resources and often, the full impact of the incident may take weeks or even months to remediate. Despite this, making a case to management for the...
How Hospitals Can Tie Cost Reduction to a Solid Data Security Program
When I have conversations with hospitals and other organizations subject to HIPAA, one of the first questions asked is "if I have a data breach, will OCR fine me, and if so, how much?" Many organizations decide to gamble: they opt to save time and money by not implementing a robust information ri...
Work It ‘til You Make It – Part 1
I was recently asked to be a speaker on my first "Women in Cybersecurity" panel. I accepted, despite my admitted fear of speaking in public, on a stage, dishing honesty to be judged by strangers. But, I did it because I know that it'll make me a better speaker and a better leader - the more...
Compensating Controls: When Patching Isn’t an Option
Your software vendor is asleep at the wheel and your devs still need that legacy daemon...
The HOW, WHY, and HUH? Blog on Disputes
As you may know, performing vulnerability scans is a requirement for PCI DSS compliance. One of those specific requirements, described in section 11.2.2, states that quarterly external scanning must be done by a qualified Approved Scanning Vendor. Coalfire just so happens to be an ASV, so if you...
The California Consumer Privacy Act: Will It Apply to Your Organization?
In August 2018, California issued a revised version of a new consumer privacy law, the California Consumer Privacy Act (CCPA). This statute goes into effect on January 1, 2020 and provides broad privacy protections to California consumers. This statute will have wide-ranging effects outside of...
PA-DSS to Software Security Framework: What You Need to Know
The Payment Application Data Security Standard (PA-DSS) developed by the Payment Card Industry Security Standards Council (PCI SSC) applies to software vendors and others who develop payment applications that store, process, or transmit cardholder data and/or sensitive authentication data. The list o...
Scan Interference
Scan interference is best defined as when traffic from our scanners gets blocked, filtered, dropped, or modified in response to some sort of active protection system not recognizing our traffic. Once our scanners are flagged as an intruder, the client's environment is no longer accessible, which...
CoalfireOne Special Notes
PCI-DSS can be challenging to navigate - particularly when it comes to the ASV scanning requirements. While fulfilling the scanning requirement is easy, obtaining a passing attestation report may involve more than simply remediating failed findings. One requirement that we receive many questions...
RISE in the Community
Hope House of Colorado is metro-Denver's only resource for providing free self-sufficiency programs to teen moms, including residential, General Educational Development (GED), and college and career programs. Additional supportive services include parenting and healthy relationship classes, life...
Epic Holiday Cookie Baking
One aspect of being a penetration tester that is always rewarding is the process of rabbit-holing into an area of interest and letting the data guide me to my destination. Recently, while updating and testing new code on a custom cookie fuzzing tool Anomalous Cookie -...
PCI Announces Coming Qualified PIN Assessor (QPA) Program
Second only to protecting sensitive credit card account information, safeguarding the cardholder's personal identification number (PIN) is one of the most important tasks for prevention of card-present fraud in retail and banking. With the continued movement toward chip-and-PIN (EMV), the technology...
What You Should Know About the Changing Nature of Telephone-Based Payments
In March 2011, the PCI SSC released the initial version of the "Protecting Telephone-Based Payments Card Data" Information Supplement as a guide to help assessors assess environments where cardholder data was stored, processed, and/or transmitted over the telephone. It was a pivotal guidance...
Kubernetes Vulnerability: What You Can and Should Do to Protect Your Enterprise
This week, news was released regarding a critical security Common Vulnerability and Exposure (CVE) associated with the Kubernetes container software (CVE-2018-1002105). While this is only a reported vulnerability at this stage and no actual exploits have been reported to date, organizations that have...
The Effect of NIST 800-171A on Government Contractors
NIST 800-171A introduces a standardized opportunity to perform a more structured and granular level of assessment leveraging the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171 framework...
HIPAA Complaints, OCR Investigations, and Security Risk Analysis for Healthcare Delivery Organizations – A Common Thread
Many HIPAA covered entities (CEs) and business associates (BAs) may not be meeting the regulatory mandate as defined in §164.308(a)(1)(ii)(A) of the HIPAA Security Rule. This implementation specification requires that healthcare delivery organizations (HDOs) "Conduct an accurate and thorough assessment of the...
Upcoming Changes to Cryptographic Findings in Q4 2018
The security world is a constantly changing and evolving landscape, and as part of Coalfire's commitment to security, we need to constantly review and update vulnerability information for vulnerability scanning to keep up. We've made some changes to previously acceptable vulnerability checks, whi...
Automating Incident Prevention and Response in AWS
Information security incidents can result in reputational damage, financial losses, or a loss of system functionality for organizations at any time. Because threats and attack vectors are growing rapidly, organizations must prepare to respond to incidents in real time. The incident response (IR)...
Coalfire Teams with Healthcare and Public Health Sector Coordinating Council (HSCC) for Fall Summit
The Department of Homeland Security (DHS) charged the Healthcare and Public Health Sector Coordinating Council (HSCC) with serving as a partnership between the private and public healthcare sectors. To that end, two unique councils were formed: The Healthcare and Public Health Government Coordinating...
What You Need to Know from the North American PCI Community Meetings
Too busy to attend the PCI Community Meetings this year? Coalfire has you covered with the top 6 things you need to know from the most important annual payments conference in the world...
IoT Adventures: The LeFun WiFi Camera
Recently I happened to be in the market for a baby monitor, so I decided to search Amazon for an affordable device that would fit my needs. A search for "baby monitor" within the "electronics" department brought me to the LeFun WiFi Camera. For $39.99 at the time of my purchase, this seemed like ...
Waiting, Waiting, Waiting... Is There a Right Time for Breach Notification?
Recently, a popular online retailer revealed a month-long data breach. Card-skimming code was found capturing customer credit card data from the payment page of its website and sending that data to what appeared to be a legitimate server with a similar domain name and a valid HTTPS certificate. T...
The Unhealthy Security of Healthcare
I have been involved in a number of healthcare penetration tests here at Coalfire and in my previous roles. I have hacked electronic medical records, medical devices, and most importantly, humans. From my time as a systems engineer at a medical device and systems vendor to my current role at...
Leading in Privacy
On September 24, I was pleased to represent Coalfire and private-sector expertise by attending the kickoff for the Privacy Framework at the Brookings Institute in Washington, D.C. The event was attended by notable leaders in the industry and government: The Departments of Transportation and...
Phantom Acquisition Lets Splunk SOAR
At the SplunkLive! Conference in Washington, D.C., Splunk gave a presentation on Phantom, a Security Orchestration, Automation, and Response (SOAR) system. Splunk acquired Phantom this year for $350 million...
From OSINT to Internal: Gaining Domain Admin from Outside the Perimeter
When I first began working at Coalfire in early 2017, I couldn't wait to get started pentesting professionally for the first time. When I finally got tasked with my first gig, I dove right in. I was tasked to perform an assessment of the external network. After hitting all known servers and web...
Exploiting Blind Java Deserialization with Burp and Ysoserial
While performing a web application penetration test, I stumbled upon a parameter with some base64 encoded data within a POST parameter. Curious as to what it was, I sent it over to Burp decoder...
AWS Slurp Github Takeover
Slurp is a tool used by information security professionals to enumerate AWS S3 buckets. Slurp takes a domain name (example.com) or wordlist as input and cycles through likely S3 bucket names (example.s3.amazonaws.com) looking for any world-read/writeable buckets. S3 buckets are a great find for...
The Dangers of Client Probing on Palo Alto Firewalls
While performing a routine internal penetration test, I began the assessment by running Responder in analyze mode just to get an idea of what was being sent over broadcast. Much to my surprise, I found that shortly after running it, a hash was captured by Responder's SMB listener...
Google Cloud NEXT '18: A Growing Event with Much to Offer
If you want to learn what's up and coming for Google Cloud and make some great connections, Google Cloud NEXT is an informative, lively event to prioritize on your conference calendar. Coalfire attended the recent Google Cloud NEXT '18 conference in San Francisco July 24-27 and found it to be a goo...
Our Analysis: Gartner’s Hype Cycle for Risk Management, 2018
For those of us charged with managing cyber risk as well as planning and budgeting for cybersecurity, the Gartner "Hype Cycle for Risk Management, 2018" provides some helpful perspectives that are useful in setting both priorities and expectations...
Humans Are the Weakest Link in Security
In our recent analysis of penetration testing engagements contained in our Penetration Risk Report, we discuss the impact that social engineering, specifically phishing, has on the ability to allow attackers insider access to compromise an organization...