Our team has collected two years worth of internal penetration testing data to put together a white paper covering our most frequent footholds that lead to full network compromises. The data clearly shows that passwords and patching continue to be ... READ MORE
Main Content
From the War Room Blog
Distributed Security: Advancements in IT Governance using Multi-Party Computation (MPC)
Imagine never having to remember a password again. To some this might sound crazy, but by combining time-tested cryptography and new technological advancements, this far-fetched proposition is possible. Multi-party computation (MPC) protocols allow ... READ MORE
Building a Vulnerable Box – HTML5 VPN Portal
Years ago, I wrote a series of posts covering the basics of building and exploiting vulnerable machines for learning purposes. With my two most recent posts covering virtual labs, it seems like an appropriate time to revisit the topic. I've used ... READ MORE
Building a Lab Network – Faux Corporate Networks
Last month, I mentioned the possibility of setting up a second virtual firewall in a lab environment to simulate a corporate network with mock internal and external spaces. I frequently do this for CTFs, student pentesting projects, and more. ... READ MORE
SAP RECON CVE-2020-6287
On July 13, 2020, SAP software released a patch impacting the SAP NetWeaver Application Server Java versions 7.5 and earlier. The vulnerability dubbed RECON (Remotely Exploitable Code on NetWeaver) Specifically targets SAP NetWeaver Java while ... READ MORE
Building a Lab Network in Proxmox and Sophos UTM9
One of the best ways to acquire and maintain an offensive security skill set is to build a home lab and populate it with intentionally vulnerable machines. The most straightforward option is to simply spin up VMs in VirtualBox or VMWare Player and ... READ MORE