Stay up to date on the latest tech trends, IT news, and cybersecurity threats with our educational blog.

Pentesting

Time to Upgrade from Outdated Managed Vulnerability Scanning to Continuous Attack Surface Management

Whether you are vulnerability scanning to meet compliance requirements or doing it as part of good security practices, there is a universal need. At the time of this article, there are essentially three equally capable and qualified scanning solutions. They include products from Tenable, Rapid7 and Qualys. My point is that each of these scanning solutions, if configured correctly, should produce accurate and similar results.

Learn More
In Scope or Out of Scope?

In penetration testing, it’s important to have an accurate scope and even more important to stick to it. This can be simple when the scope is limited to a company’s internet service provider (ISP) or ARIN provided IP ranges. But in many cases, our client’s public systems have grown to include multiple cloud hosted servers, applications, and services.

Learn More
Penetration Testing Myths, Truths, & Best Practices

SynerComm partnered with ChannelBytes to present 60 minute session where we discuss what it means to do quality, modern penetration testing in 2020.

Learn More
SynerComm Reboots a Security Staple with 'Continuous' Pentesting

SynerComm discusses Continuous Penetration testing with Dark Reading as a part of the Black Hat USA 2020 virtual conference.

Learn More
Lessons Learned from Pentesting - What Should Keep You Up At Night

With over 15 years in information security, I feel like I've seen it all. And while I can't claim to be a great penetration tester myself, I can say that I work with some truly talented pentesters. I can also feel confident stating that I've read more pentest reports than most. So, having this background… I get asked by businesses and defenders all the time, "What advice would you give?" and, "What lessons can be learned?"

Learn More
Why 14 Characters?

This blog/article/rant will cover a brief background of password cracking as well as the justification for SynerComm’s 14-character password recommendation.

Learn More
DA 101 - Protecting your Domain Admin Account

At SynerComm's Fall IT Summit 2018 we presented a talk about the top 5 attacks used to compromise a Domain Administrator account. The AssureIT team put together a list of tools to help you check for these vulnerabilities in your network.

Learn More
OpenSSH < 7.7 - Username Enumeration Exploit

On August 15th, 2018 a vulnerability was posted on the OSS-Security list. This post explained that OpenSSH (all versions prior to and including 7.7) is vulnerable to username enumeration by sending a malformed public key authentication request (SSH2_MSG_USERAUTH_REQUEST with type publickey) to the service.

Learn More
Thoughts on Blocking Powershell.exe

Defenders do not view the world of infosec through the eyes of a determined, skilled attacker. They view the world through the quantity and quality of tickets generated by their SIEM (if they have one). It is true that a determined, skilled attacker (read and understand that) can work around a correctly implemented PowerShell block. One such method is to drop an exe to disk call a dlls.

Learn More
The Upside Down - Ventures into the 5GHZ Spectrum

In the hit Netflix series 'Stranger Things', the Upside Down is the parallel dimension inhabited by a monster. It is a dark and cold reflection of the dimension inhabited by humans, containing the same locations and infrastructure. When assessing wireless networks, I like to think of 5GHZ as 'the upside down'; a dark and cold spectrum where assessors have historically had limited visibility to see what is lurking within when compared to its 2.4GHZ peer.

Learn More
1 2 3
linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram