Aug 9 2012 in Disclosure by Redaction
Contributed By: Rob Fuller
TL;DR: SMB Relay + LNK UNC icons = internal pentest pwnage
I need to touch on the highlights of two vulnerabilities before we talk about the fun stuff, but I highly encourage you to read the references at the bottom of this post and understand the vulnerabilities after you are done [...]
Aug 9 2012 in Disclosure, News by Redaction
Contributed By: Pete Herzog
For those of you who are interested in taking a security class that promises to teach you ethical hacking and how to think like the enemy, let me save you some time and money on what you will learn: Find who and what interacts with your target. Search those things for [...]
Apr 26 2012 in Disclosure, News by Redaction
Article by Rob Fuller
TL;DR: SMB Relay + LNK UNC icons = internal pentest pwnage
I need to touch on the highlights of two vulnerabilities before we talk about the fun stuff, but I highly encourage you to read the references at the bottom of this post and understand the vulnerabilities after you are done with [...]
Apr 24 2012 in Disclosure, News by Redaction
Article by Pete Herzog
For those of you who are interested in taking a security class that promises to teach you ethical hacking and how to think like the enemy, let me save you some time and money on what you will learn: Find who and what interacts with your target. Search those things for [...]
Jan 12 2012 in Disclosure by Redaction
Cloud-based IT GRC solution enables accurate, affordable and self-directed HIPAA compliance assessments
LOUISVILLE, Colo. (January 11, 2012) – The Health Information Technology and Clinical Health (HITECH) Act, enacted in 2009, promotes the adoption of electronic health records (EHRs) and extends the reach of the 1996 Health Insurance Portability and Accountability Act (HIPAA). As a result, [...]
Jan 11 2012 in Disclosure by Redaction
1/9/2012
Utility gives penetration testers an easily deployable and flexible port scanning
(Cleveland, Ohio) Today SecureState is releasing a new extension for Metasploit’s Meterpreter called MSFMap. This new utility provides an NMap-like port scanner from within the context of a Meterpreter session. This gives penetration testers an easily deployable and flexible port scanning utility. Having [...]
Dec 22 2011 in Disclosure by Redaction
Social engineering is known to be a way of manipulating people into revealing their personal information or breaking their normal security procedures. The general purpose of this type of deception is to gather information, commit fraud, or to gain access to computer systems.
Techniques
All the techniques social engineers use play into the natural decision-making [...]
Dec 15 2011 in Disclosure by Redaction
SDLC Background Information
The concept of integrating security into the Software Development Life Cycle (SDLC), while generating much popular press recently, is an already-familiar concept at SecureState. We have been helping clients to build security into their Software Development Life Cycle (SDLC) for several years, and have honed our expertise in the process. SecureState always [...]
Dec 15 2011 in Disclosure by Redaction
Recent news headlines contrast privacy and security, with regard to relinquishing portions of our privacy for the benefit of security. For example, airports are implementing backscatter scanner X-ray imaging, devices that very graphically depict body images, under the guise of protecting passengers. While this debate has merit, it does not address the more global differentiation of [...]
Dec 2 2011 in Disclosure by Redaction
Introduction (My name is Bob and I am a Ninja)
Early last year the new PCI Approved Scanning Vendor (ASV) Program Guide was released. The new ASV scanning procedures required some significant changes which caused current ASVs to rush to get these changes implemented. If you are a scan client which is required to have [...]
Dec 2 2011 in Disclosure by Redaction
This is a case study of a real-life example of how vulnerabilities in third party web applications, as well as internally coded web applications, can be linked together in such a way that code execution is possible on the underlying operating system.
Many Organizations Assume Their Third Party Web Applications Are Secure
Many organizations falsely [...]