BREAKTHROUGH LISTEN 2019

Breakthrough Listen Teams Up with SETI Institute to Host Out of This World Wireless Research Conference

The GNU Radio Foundation recently teamed up with the UC Berkeley SETI Research Center and the Breakthrough Listen project to sponsor the SETI RF Hackathon, an unprecedented wireless hackathon event. Encompassing the ultimate in Internet-of-Things (IoT) and signals hacking, professionals specializing in machine learning, radio frequency (RF), and cyber security converged at the Allen Telescope Array in California in May…

reconnaissance penetration testing

The Beginner’s Guide to External Penetration Testing Reconnaissance

External penetration testing reconnaissance is a critical first step in a professional security assessment. By using the same methods and resources that attackers use to get into networks, along with open source intelligence, pen testers can get a much richer profile of an organization’s security strengths and weaknesses and conduct more successful and accurate assessments. In…

powerpoint mouseover phishing

[Video] View the PowerPoint Mouseover Phishing Technique in Action

In this post, we’ll take a look at one of the latest hacking techniques involving PowerPoint and the mouseover action. Check out our demo video to see the technique in action. The PowerPoint mouseover technique disrupts a decade’s worth of user awareness education. As security professionals, we constantly warn employees to be aware of phishing emails with malicious links…

mail appliances

How Our Pen Testers Get Through Your Mail Appliances

For the final blog post in our series on lessons learned from 2016 security assessments, we’ll discuss a high-risk issue our penetration testers and consultants often come across: filtering malicious emails. In our assessments, sending phishing emails with malicious payloads or links is the most common method we use to get initial access to a network…

weak service account passwords

Inside Kerberoasting: Cracking Weak Network Service Account Passwords

In our previous blog posts, we demonstrated how important it is for penetration testers to get credentials that grant administrative access over hosts within the organization to escalate their permissions. This week, we will discuss a relatively recent privilege escalation technique known as Kerberoasting, which pen testers and malicious hackers can use to crack weak network service account…

Navigating Clear Text Password Vulnerabilities

Accessing Clear Text Administrative Passwords

In our last blog post, we showed how pen testers can use misconfigurations within Active Directory group management to escalate privileges. However, that technique is heavily dependent on having access to privileged or misconfigured accounts in the first place. This week, we discuss another finding that we frequently take advantage of…