Another M365 email outage... seriously just Google it... there are even multiple websites that monitor and tell you there is an outage but there is nothing you can do about it… or is there? Whether it is email, Azure, Teams or? What can you do? Better question yet… now, what are your employees doing while they wait?

Whether you are vulnerability scanning to meet compliance requirements or doing it as part of good security practices, there is a universal need. At the time of this article, there are essentially three equally capable and qualified scanning solutions. They include products from Tenable, Rapid7 and Qualys. My point is that each of these scanning solutions, if configured correctly, should produce accurate and similar results.

In penetration testing, it’s important to have an accurate scope and even more important to stick to it. This can be simple when the scope is limited to a company’s internet service provider (ISP) or ARIN provided IP ranges. But in many cases, our client’s public systems have grown to include multiple cloud hosted servers, applications, and services.

One of the things I have noticed while working at SynerComm is that while most companies have employees on staff who possess the necessary technical knowledge to complete their projects, many organizations lack the logistics knowledge that large‐scale deployments require.

Our team begins every project by listening to our customers carefully and hearing their asks. This listen‐first approach allows us to work with purpose, seeking and confirming our understanding of our customer's challenges by bringing questions and ideas to the table. Our customer interactions are guided by and benefit from the depth and breadth of our knowledge in both the IT infrastructure and logistics spheres.

SynerComm partnered with ChannelBytes to present 60 minute session where we discuss what it means to do quality, modern penetration testing in 2020.

SynerComm discusses Continuous Penetration testing with Dark Reading as a part of the Black Hat USA 2020 virtual conference.

Due to the ubiquity of technology within any business, contingency planning is a company-wide effort. Not only the planning, but the execution of the plan at any level will require the cooperation of business managers and technology managers.

The approach of a “lessons learned” exercise is a method of continuous improvement that is based on a singular event (COVID-19) or similarly related events.

Pwnagotchi is an A2C-based “AI” powered by bettercap and running on a Raspberry Pi Zero W that learns from its surrounding WiFi environment in order to maximize the crackable WPA key material it captures. This material is collected on disk as PCAP files containing any form of handshake supported by hashcat, including full and half WPA handshakes as well as PMKIDs.