Uncategorized

If you found your way to this blog post, you are interested in penetration testing and want to know how to begin your career in the field. Whether you are a college student, already in the IT space, or work in an entirely different field, the first and best piece of advice is to just hit the ground running. There is a lot to learn but there are also so many great resources to ... READ MORE

Introduction There is an area in most websites where protections like the ones found on most login pages aren't present; the box where you type the promo/coupon code. An organization with a strong security posture for login pages will usually have several layers of defense-in-depth in place, such as the following: CAPTCHA challenges Rate limiting IP deny-listing ... READ MORE

The Double-Edged Sword of Blockchain Innovation  In an era characterized by unprecedented digital innovation, one frontier stands out as both a beacon of potential and a minefield of risk: the blockchain industry. Renowned for its capabilities of instigating transformative changes across sectors, blockchain technology is now ubiquitous, powering cryptocurrencies and ... READ MORE

Over 100 years ago, the Great War was being waged in what is now central and eastern Europe, along with Russia. During the “war to end all wars,” the world saw significant technology changes that brought new, and often terrifying, ways to inflict damage on people and countries. Fast forward to early 2022 and the Russia-Ukraine war, where we are seeing another wave of ... READ MORE

In a directive posted on May 18, 2022, the Cybersecurity and Infrastructure Security Agency (CISA) declared that all Federal Civilian Executive Branch agencies were required to perform actions on several VMware products: VMware Workspace ONE Access (Access), VMware Identity Manager (vIDM), VMware vRealize Automation (vRA), VMware Cloud Foundation vRealize Suite ... READ MORE

After hours of OSINT (Open-Source Intelligence) and social engineering campaigns, your Red Team has finally obtained the coveted internal shell. The username, IP address, host and operating system information populates your (Command and Control) C2 framework interface, and a new stage of the engagement begins. But now that you have the shell, where do you go from here? Truth ... READ MORE

Late last year, news spread in the cybersecurity community about the zero-day Apache Log4j vulnerability. This vulnerability was somewhat unique—it was dangerous enough to warrant breathless news coverage, causing concern far outside of cybersecurity circles. RSM’s advice for organizations affected by the vulnerability was simply, “Drop everything and fix it. Now.” That level ... READ MORE

The experience is almost universal—you notice an unknown, but not entirely unfamiliar number flash across your screen during your workday. Because the number shares an area code with your location, you assume that you’re finally receiving a follow-up from your mechanic, or your doctor’s office, or your banker. When you answer, the voice on the other end (often automated) ... READ MORE

This will be a miniseries of posts; this is part 1 of 4. I was advised by a leader long ago in my consulting career to never do “Free Consulting.” I still strongly believe in that sentiment today, but there is also a part of me that wants to give back to the community, and this post is my and RSM Defense’s way of doing so. I also strongly believe that in 2022, threat actor ... READ MORE