Blogs
WannaCry? You Might.
Urgent Information Regarding WanaCrypt/WannaCry/WCry Ransom-ware Outbreak
Hijacking the CEO’s Email Account
Why Security Teams Need a Second Set of Eyes
During a recent penetration test, I hijacked the client’s email server, posed as the client CEO, and sent a fraudulent email to the client CFO asking the CFO to wire $10,000 USD to an offshore bank account.
On the Reliance of Client-Side Security
I recently conducted a penetration test of a web application. Because of design decisions, I was able to bypass CAPTCHA to brute force user accounts and, ultimately, bypass file upload restrictions to upload malware onto the web server and into the internal network environment.
What Are the Mistakes That Get Hackers Arrested?
At CRITICALSTART, we use a concept called the Defendable Network and map organizations to SecCon levels designed to give companies a chance against threat actors of varying skill levels. We group threat actors skill levels into: