remote

Posts

How To Get More Results out of Your PenTesting Process

We often forget that there’s more to PenTesting than just diving in and getting root. Vulnerability assessment, often described as another name for PenTesting, is a complex process and without proper knowledge of the subject, you are not going to get much out of it. While these two terms may be used commonly, there is a difference which lies in the exploitation and orientation: Vulnerabili…

SAP ABAP PLATFORM SECURITY

The previous articles of SAP Security for CISO series covered examples of potential attacks on these systems, so now it is high time to learn how these attacks can be conducted via vulnerabilities discovered in SAP systems. At the outset, let’s consider patching process in SAP. When the vendor fixes vulnerabilities in its program components, it releases an SAP Security Note. It is a small…
Thomas DEBIZE

BSidesLV 2017: Hadoop Safari - Hunting For Vulnerabilities

With the growth of data traffic and data volumetric analysis needs, “Big Data” has become one of the most popular fields in IT and many companies are currently working on this topic, by deploying Hadoop clusters, which is the current most popular Big Data framework. As every new domain in computer science, Hadoop comes (by default) with truly no security. During the past years we du…
Thomas DEBIZE
Just a last-minute reminder for attendees: the time slot for our talk has been changed from the 25th 15:00 to the 26th 10:00. The venue is still Florentine F on the Common Ground track.
ThreatModeler

How To Avoid “Death by a Thousand Cuts”

In a recent CSO online opinion article[i], author Jon Oltsik makes the observation that cybersecurity is more difficult now than it was in 2015. The challenge is not from a new “killer problem” introduced to the threat landscape, but the vast myriad security problems faced by CISOs keeps getting worse. It is, according to Oltsik, a situation amply descr…
Anthony Noblett CISSP, CISA, CGEIT, CRISC, CCSK
Good article and I think the results match with my own experience. The deluge of security alerts and the complexity of the SIEM tool sets are a hindrance not a help. When tools take on a life of their own they are no longer helpful. Unfortunately DLP, SIEM, IDS and log parsing are no longer helpful and are checkboxes on the compliance checklist.

Researcher finds 11 remote vulnerabilities in FreeRADIUS

Researcher Guido Vranken has found 11 vulnerabilities in FreeRADIUS via fuzzing. That's about the same amount as in the last 10 years all together. FreeRADIUS is the most used RADIUS server in the world. RADIUS (Remote Authentication Dial In User Service) is an AAA system used by large internet providers, telecom companies and Fortune 500 companies and several other organizations. The vulnerab…

Building A Global Nation State SMB Exploit Honeypot Infrastructure With A £50 Budget #EternalPot

Note to post: All words, IP ownership, analysis, opinions, data, graphs et al are the property of Kevin Beaumont and where altered and extracted are done so remaining true to the original meaning / assertions. From an article by "Kevin Beaumont InfoSec, from the trenches of reality. Email kevin.beaumont@gmail.com | Twitter: @gossithedog on Twitter" titled "EternalPot — Less…
Alain Griffen
Mr. Beaumont predicted that this would happen back in April 2017: Anyone could have predicted the exploit would happen in Sept 2016, if they followed https://blogs.technet.microsoft.com/filecab/2016/09/16/stop-using-smb1/ "One thing I will say — I don’t want to name the vendors, but some of the biggest next-generation security products simply aren’t det…