The year 2022 has wrapped up and I find it helpful to share some of the most common findings I have encountered throughout the year. Some of these may not be surprising as they are covered in almost every cybersecurity awareness training course there is. However, it...
As with any industry, with jargon comes confusion and misunderstanding. 2022 saw a huge rise in the popularity of the buzz-word “Red Team”, but what is the essence of a Red Team? Popular opinion on social media may say “it’s a pentest with no scope,” but that’s a...
When on the cusp of receiving an external penetration test, clients want to prepare themselves for it. We are often asked for the easiest way to improve their score before the engagement has begun. Below are the top 3 ways to improve your external penetration...
Our last blog post regarding OSINT and Recon briefly discussed some exciting topics. In this blog post, we will continue with that thread and discuss some tradecraft used by investigators and pentesters. Only some investigators and pentesters utilize these exact...
OSINT stands for Open-Source Intelligence. It is the action of gathering information that is publicly available and analyzing it for intelligence purposes. First, let’s look at what type of data can be considered Open-Source. Data or information...
When creating a defensive plan against cyber-attacks, knowing your adversary is paramount. Often after the shock has worn off from a breach, the affected company will ask themselves, “Why us?” It’s a valid question that organizations should ask...