Stay up to date on the latest tech trends, IT news, and cybersecurity threats with our educational blog.

Blog

Beyond Vulnerability Scanning: Strengthening Perimeter Cybersecurity

Over the past 20-years, I’ve used every major vulnerability scanner. There are several great scanners on the market, and SynerComm has continually used one of them from its free GNU public license years (pre-Oct. 2005), to its current version today. As the tactics, techniques, and procedures (TTP) of cyber-criminals evolved, our testing methodologies also adapted […]

Learn More
Exploring Initial Access Methods #01 - Shortcuts and Tunnels to the Kingdom

Understanding the various methods and Tactics, Techniques and Procedures (TTP's) by which attackers gain initial access to systems is crucial for developing robust defense mechanisms. Initial access represents the first phase of an intrusion, where threat actors initially breach a target's defenses to establish a foothold within an organization's network. This blog series aims to […]

Learn More
Continuous Pentesting and Its Many Names

Are you looking for a pentest? A continuous pentest? Or maybe attack surface management? We’ll never have a shortage of new terminology (and acronyms) to learn and understand. When evaluating security vendors and comparing their solutions, it’s critical that everyone is on the same page and speaking the same language. This article starts to shed […]

Learn More
Strengthening Healthcare Defenses

CMS's 2024 Cybersecurity Rules

Learn More
Spoofing Command Line Arguments to Dump LSASS in Rust

One of the popular methods for dumping LSASS is using the procdump.exe program from the Sysinternals Suite. Something like: However, Microsoft is well aware of this method, and it is being tracked along with several other common methods and tools. Now procdump is legitimate software with many use cases and it is signed by Microsoft. […]

Learn More
The Future of Business Applications and Data Center Access: Insights from SynerComm’s IT Summit

The recent 20th Anniversary of IT Summit was an eye-opener for tech enthusiasts, security professionals, and business leaders alike. This annual two-day event brings together IT leaders from across the country to learn about the latest strategies and challenges in the infrastructure, data center, and InfoSec communities. This year’s discussions revolved around the evolving landscape […]

Learn More
Navigating the Skies: TSA's New Cybersecurity Requirements for Airlines

In today's increasingly digital world, the aviation industry is more reliant on technology than ever before. As aviation systems become more connected and dependent on the internet, the risk of cyber threats to airlines and airports has grown significantly. In recognition of this evolving threat landscape, the Transportation Security Administration (TSA) has recently issued a […]

Learn More
Creating a Rootkit to Inject into a Protected Process and Dump LSASS

In my last blog post, I discussed one method of dumping LSASS where we created a DLL that we injected into Task Manager. We could then create an LSASS dump from Task Manager, and the DLL would hook the API calls responsible for creating the file and change the filename to something else. This allowed […]

Learn More
DEF CON 31 and Building A Wi-Fi Deauthentication Detector

Going to DEF CON was a dream I never thought would come to fruition. I remember 2009 being in 8th grade. Reading a physical copy of the magazine Wired. Sitting in the back of parent's minivan on the way to visit family in Milwaukee, WI, and seeing pictures and reading about the largest hacking conference […]

Learn More
Rotating Your Pentesting Vendor Is A Mistake!

Finding a great pentesting partner can be a challenge and there is much greater risk in changing firms than sticking with a partner you can trust. A good firm should have sufficient staff and work history to ensure that you can still get a new set of eyes without losing consistency or efficiency.

Learn More
1 2 3 10
linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram