The Blog

ADCS attacks can make any pentester (or attacker) salivate. Lets talk about how to find and fix them.

As I was doing chores around the place today (thatching the lawn.. ugh). I saw a post about a new CVE in WordPress. It’s an SQLi… As a former dev, let me say this: THERE IS NO EXCUSE FOR SQLi. NONE. ZERO. NADA.

The urgency to “do something” to increase defenses against ransomware has never felt more critical. However, it can be difficult to know where to focus. It doesn’t help that every security vendor on the planet sells you their security software as the golden ticket, only to find out later that it fools gold.

Tired of Pen Test Fallout? Get Focused Remediation with Virtual Red Teamer

Penetration testing should be drastically different than your vuln management program. Sure - there might be some overlap between exploitable vulnerabilities, but those similarities end at 10:15 on Monday morning.

While LLMNR and NBT-NS provide convenient name resolution services on local networks, especially in environments where DNS configuration is minimal or non-existent, they also present significant security vulnerabilities.