Establishing a beachhead is an important objective during many of our security assessments. To gain further access into an environment we need to get access to an Internet-facing system, which can then be used to pivot into the network. The walkthrough below is a real-life example, taken from one of our projects.
During the ongoing COVID-19 outbreak many security professionals have by necessity been operating tactically and in response mode, trying to identify and mitigate the security risks of organisations that have had to move rapidly to remote working.
While some organizations are halting their use of Zoom due to security concerns and alerts that come on a seemingly daily basis, in some cases it might be the only option for some people and is still an immensely popular solution for remote meetings.
In one of my past lives, before cyber security came along, I was a hostage negotiator. To give you an idea of just how long ago, during my training we were negotiating (through an interpreter) with “terrorists” who were holding “hostages” in a (very real) airliner, surrounded by (also very real) armed police, parked just off one of the (very busy) runways at London’s Heathrow Airport.
As we are constantly evaluating and refining our methodology for cloud penetration testing in a rapidly changing landscape, with both cloud native and hybrid cloud environments, we sometimes have a hard time placing our approach into established contexts of an on-prem world.
In our season finale, Mike and Davin are joined by Cynthia Boumann, Head of Global Audit at Dover Corporation. She shares her insights on the universe of risk, living through the winter storm in Texas, and why there should now be a larger conversation on infrastructure and resilience.
Davin is joined by senior penetration tester, Cayce Mahon, and the two discuss how she went from inking to leet hacking, why Infosec is similar to art, favorite pwnage moments (naming no names), and why more women need to step into cyber security.
Davin is joined by ex-covert intelligence expert and strategic advisor to OccamSec, Bob Hayes, to discuss intelligence operations in relation to the SolarWinds event, organized crime groups, the biggest secret of the intelligence space, and nearly getting run over by a nuclear submarine.