Blog

The key to our engagements often and unfortunately involve the discovery of credentials on internal network file shares. We’re going to show you how we find cleartext password storage problems and how to address them.

I’m going to quickly go through the process of setting up GoPhish and show you how we evade defenders to increase the success rate of our phishing campaigns.

Password. Password123. Yea, you’ve seen them all when it comes to bad passwords. It comes standard when managing IT security. But while your organization likely requires special characters, uppercase letters and even a number or two, if you don’t require longer passwords you’re not taking one of the most important steps to protect your network.

Maybe you’ve heard your IT security team talking about attack surfaces? Or, maybe the term has come up during a virtual conference or in your newsfeed. It’s important to take a step back and understand what an attack surface is and why you need to protect it.

Trying to wrap your head around what separates Continuous Penetration Testing from other forms of network security testing? Well, we get it. That’s why we’ve put together this handy little video. Sit back, have a snack and learn how CPT works, why it’s advantageous and how it can help you keep your organization’s network safe.

Automated Vulnerability Scanners, on the surface, have a lot of appeal to IT directors. They run in the background and are “always on”. They alert you when you have an issue. But the harsh reality is they provide a false sense of security and leave your network exposed.