Stay up to date on the latest tech trends, IT news, and cybersecurity threats with our educational blog.

Pentesting

Scheduled Tasks With Lucee: Abusing Built In Functionality For Command Execution

What is Lucee? Lucee is an open-source ColdFusion Markup Language (CFML) application server and engine intended for rapid development and deployment. It provides a lot of out-of-the-box functionality (tags and functions) to help build web applications. However, if an attacker has access to the Lucee dashboard, these very same functions allow […]

What Does Chat GPT Think About Password Hash Assessments?

SynerComm's marketing team likes to ask our pentesters for help with their messaging. Like all good hackers, we adapt, automate and improve. So, when we asked our team for some helpful marketing messages, Dylan R. responded within seconds with this. Password security assessments are important because they help ensure that the passwords being used to […]

Cloud Security - How to Find (and Fix) Hidden Vulnerabilities

Consolidating data centers, increased business agility and reduced IT system costs are a few of the benefits associated with migrating to the cloud. Add to these improved security and it makes a compelling case for cloud migration. As part of the digital transformation process, companies may implement what they consider the best tools, and have […]

Time to Upgrade from Outdated Managed Vulnerability Scanning to Continuous Attack Surface Management

Whether you are vulnerability scanning to meet compliance requirements or doing it as part of good security practices, there is a universal need. At the time of this article, there are essentially three equally capable and qualified scanning solutions. They include products from Tenable, Rapid7 and Qualys. My point is that each of these scanning solutions, if configured correctly, should produce accurate and similar results.

In Scope or Out of Scope?

In penetration testing, it’s important to have an accurate scope and even more important to stick to it. This can be simple when the scope is limited to a company’s internet service provider (ISP) or ARIN-provided IP ranges. But in many cases, our client’s public systems have grown to include multiple cloud-hosted servers, applications, and services.

Penetration Testing Myths, Truths, & Best Practices

SynerComm partnered with ChannelBytes to present a 60-minute session where we discuss what it means to do quality, modern penetration testing in 2020.

SynerComm Reboots a Security Staple with 'Continuous' Pentesting

SynerComm discusses Continuous Penetration testing with Dark Reading as a part of the Black Hat USA 2020 virtual conference.

Continuous Penetration Testing

Having been part of the penetration testing industry for over 15 years, I’ve been challenged by many clients with this very question. The fact is that they are right, a penetration test is a point-in-time assessment and new vulnerabilities are discovered every day. We hope that our patch and vulnerability management processes along with our defensive controls keep our systems secure.

AWS Metadata Endpoint - How to Not Get Pwned like Capital One

One of the greatest, yet seemingly unknown, dangers that face any cloud-based application is the deadly combination of an SSRF vulnerability and the AWS Metadata endpoint. As this write-up from Brian Krebs explains, the breach at Capital One was caused by an SSRF vulnerability that was able to reach the AWS Metadata endpoint and extract the temporary security credentials associated with the EC2 instance's IAM Role.

Lessons Learned from Pentesting - What Should Keep You Up At Night

With over 15 years in information security, I feel like I've seen it all. And while I can't claim to be a great penetration tester myself, I can say that I work with some truly talented pentesters. I can also feel confident stating that I've read more pentest reports than most. So, having this background… I get asked by businesses and defenders all the time, "What advice would you give?" and, "What lessons can be learned?"
