General

Penetration Testing – Expectation vs Reality

Figuring out what actually constitutes a penetration test can be a surprisingly tough question to resolve.  Between scanning vendors exaggerated claims and a misunderstanding of what real-world penetration testing can produce, it can take a CISSP to untangle the details.  However, by the end of this post, you’ll know what real-world penetration testing ought to …

Penetration Testing – Expectation vs Reality Read More »

Data vs Damage: Comparing Threats and Risks Between IT and OT

Any company that wants to maintain a competitive edge in today’s global economy needs to work faster, cheaper, longer, and more precisely than ever before. In the wake of a pandemic that ran employees out of the office for over a year, the workforce has evolved dramatically. From one which previously relied primarily on remote …

Data vs Damage: Comparing Threats and Risks Between IT and OT Read More »

COVID-19 Cyberattacks

Scams and cyber-attacks based around COVID-19 misinformation are on the rise. The following is a regularly updated list of legitimate data from sources such as the WHO, CDC, and John Hopkins University. https://www.who.int/emergencies/diseases/novel-coronavirus-2019 https://www.cdc.gov/coronavirus/2019-ncov/index.html https://coronavirus.jhu.edu Staying safe while at home requires healthy skepticism. Below are resources to assist in the identification of fake and scam …

COVID-19 Cyberattacks Read More »

Please Don’t Pass to ‘Exec’ – Making Web Requests in Sleep

tl;dr To avoid dependency issues take advantage of built in Java functionality provided by the Sleep scripting language used to write Cobalt Strike Aggressor Scripts. This post examines making web requests without passing execution to an external binary and also discusses using threading to make long requests in the background. Why? Recently I was working to build …

Please Don’t Pass to ‘Exec’ – Making Web Requests in Sleep Read More »

Scroll to Top