Stay up to date on the latest tech trends, IT news, and cybersecurity threats with our educational blog.

Penetration Testing

In Scope or Out of Scope?

In penetration testing, it’s important to have an accurate scope and even more important to stick to it. This can be simple when the scope is limited to a company’s internet service provider (ISP) or ARIN provided IP ranges. But in many cases, our client’s public systems have grown to include multiple cloud hosted servers, applications, and services.

Learn More
Penetration Testing Myths, Truths, & Best Practices

SynerComm partnered with ChannelBytes to present 60 minute session where we discuss what it means to do quality, modern penetration testing in 2020.

Learn More
SynerComm Reboots a Security Staple with 'Continuous' Pentesting

SynerComm discusses Continuous Penetration testing with Dark Reading as a part of the Black Hat USA 2020 virtual conference.

Learn More
Building a Pwnagotchi

Pwnagotchi is an A2C-based “AI” powered by bettercap and running on a Raspberry Pi Zero W that learns from its surrounding WiFi environment in order to maximize the crackable WPA key material it captures. This material is collected on disk as PCAP files containing any form of handshake supported by hashcat, including full and half WPA handshakes as well as PMKIDs.

Learn More
Continuous Penetration Testing

Having been part of the penetration testing industry for over 15 years, I’ve been challenged by many clients with this very question. The fact is that they are right, a penetration test is a point-in-time assessment and new vulnerabilities are discovered every day. We hope that our patch and vulnerability management processes along with our defensive controls keep our systems secure.

Learn More
Stop Sharing Your Password with Everyone

Palo Alto Networks firewalls have the ability to create security policies and generate logs based on users and groups, and not just IP addresses. This functionality is called User-ID. User-ID™ enables you to map IP addresses to users on your network using a variety of techniques.

Learn More
AWS Metadata Endpoint - How to not get pwned like Capital One

One of the greatest, yet seemingly unknown, dangers that face any cloud-based application is the deadly combination of an SSRF vulnerability and the AWS Metadata endpoint. As this write up from Brian Krebbs explains, the breach at Capital One was caused by an SSRF vulnerability that was able to reach the AWS Metadata endpoint and extract the temporary security credentials associated with the EC2 instance's IAM Role.

Learn More
Lessons Learned from Pentesting - What Should Keep You Up At Night

With over 15 years in information security, I feel like I've seen it all. And while I can't claim to be a great penetration tester myself, I can say that I work with some truly talented pentesters. I can also feel confident stating that I've read more pentest reports than most. So, having this background… I get asked by businesses and defenders all the time, "What advice would you give?" and, "What lessons can be learned?"

Learn More
Why 14 Characters?

This blog/article/rant will cover a brief background of password cracking as well as the justification for SynerComm’s 14-character password recommendation.

Learn More
How to build a (2nd) 8 GPU password cracker

In February 2017, we took our first shot at upgrading our old open-frame 6 GPU cracker (NVIDIA 970).  It served us well, but we needed to crack 8 and 9-character NTLM hashes within hours and not days. The 970s were not cutting it and cooling was always a challenge. Our original 8 GPU rig was designed to put our cooling issues to rest.

Learn More
1 2 3 4
linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram