Amanda Mesler of Microsoft Addresses the Women of Coalfire

April 09, 2018, Anne Bayerkohler, Director, Commercial Services, Coalfire

Last month RISE, Coalfire’s association of women in cybersecurity and leadership, welcomed our inaugural guest speaker, Amanda Mesler, General Manager of Microsoft Central and Eastern Europe. I had the great fortune to interview her and lead a discussion with our members.

Sleuthing the Cloud: The Challenges of Forensics in Cloud Environments

April 04, 2018, Robert Meekins, Director, Forensics, Coalfire

More and more companies are embracing Cloud computing for the practicality, efficiency, and economy of outsourcing the housing, maintenance, and monitoring of applications and their associated infrastructure to a third-party provider. As the Cloud becomes more the norm than the exception, there is no lack of choices: Providers such as Amazon (AWS), Microsoft, IBM, and countless others are providing a variety of solutions, from e-commerce sites that process payments and credit cards, to developmental networks used to test and configure operational assets.

Background Checks on AIs and Other Challenges in the PCI World

April 01, 2018, Dan Stocker, Practice Director, Payments, Cloud & Tech

Coalfire has noted a number of leading-edge technological challenges for enterprises managing the rapid pace of innovation while also aiming for PCI compliance. We'd like to review our recent experience and offer suggestions for these comparatively novel situations.

A Good Shell Is Hard to Choose

March 26, 2018, Killian Ditch, Senior Consultant, Labs

I had the recent opportunity to speak at BSides SLC, held on the Sandy campus of Salt Lake Community College. I tailored my presentation to the student demographic and chose to talk about one of the fundamental concepts that a penetration tester must understand: types of shells. I touched on the differences between simple shell interaction and a full-featured terminal and then launched into a discussion focusing on web shells. Following the theory conversation, I demonstrated how control over a server could be established by exploiting a file inclusion vulnerability and default credentials to deploy two different web shells, each adapted for the particular platform.

On Padding Oracle Attacks

March 22, 2018, John Stickle, Security Consultant, Coalfire

Poodle is a vulnerability found in late 2014, and it is still occasionally seen during penetration tests. The vulnerability allows an attacker with a man-in-the-middle position to downgrade a secure connection between a client and a server to the vulnerable SSLv3. After the connection is downgraded, the attacker can proceed to perform the padding oracle attack, recover known plaintext, and decrypt the ciphertext.