The Coalfire Labs Blog

Welcome to the Coalfire Labs Blog, a resource covering the most important issues in IT security and compliance.  The Coalfire Labs blog is written by the company's leadership team and our highly-credentialed security assessment experts.


  • IoT Adventures: The LeFun WiFi Camera

    October 03, 2018, Esteban Rodriguez, Consultant, Coalfire Labs, Coalfire

    Recently I happened to be in the market for a baby monitor, so I decided to search Amazon for an affordable device that would fit my needs. A search for “baby monitor” within the “electronics” department brought me to the LeFun WiFi Camera. For $39.99 (at the time of my purchase), this seemed like it could be a good deal. Knowing the reputation of Internet of Things (IoT) devices, I was curious about its security. This was addressed in the product description with the guarantee that when I connect to any device, it will be via a “secure and safe network” and will be secured with “financial-level encryption.” It also boasts that they are “CE, FCC, and RoHS certified,” which is good, despite those certifications only dealing with safety and not information security.

  • The Unhealthy Security of Healthcare

    September 25, 2018, Qasim Ijaz, Director, Coalfire Labs

    I have been involved in a number of healthcare penetration tests here at Coalfire and in my previous roles. I have hacked electronic medical records, medical devices, and most importantly, humans. From my time as a systems engineer at a medical device and systems vendor to my current role at Coalfire as a penetration tester, I have seen a few healthcare organizations grow from highly insecure to cyber-fortresses. In this blog, I will highlight the most common issues my teammates and I come across while penetration testing healthcare environments.

  • From OSINT to Internal: Gaining Domain Admin from Outside the Perimeter

    September 11, 2018, Esteban Rodriguez, Consultant, Coalfire Labs, Coalfire

    When I first began working at Coalfire in early 2017, I couldn’t wait to get started pentesting professionally for the first time. When I finally got tasked with my first gig, I dove right in. I was tasked to perform an assessment of the external network. After hitting all known servers and web applications with various scanning tools, I had nothing. For a penetration tester, the assessment does not end here.

  • Exploiting Blind Java Deserialization with Burp and Ysoserial

    September 04, 2018, Esteban Rodriguez, Consultant, Coalfire Labs, Coalfire

    While performing a web application  penetration test, I stumbled upon a parameter with some base64 encoded data within a POST parameter. Curious as to what it was, I sent it over to Burp decoder.

  • AWS Slurp Github Takeover

    August 28, 2018, Logan Evans, Associate, Coalfire Labs, Coalfire

    Slurp is a tool used by information security professionals to enumerate AWS S3 buckets. Slurp takes a domain name (example.com) or wordlist as input and cycles through likely S3 bucket names (example.s3.amazonaws.com) looking for any world-read/writeable buckets. S3 buckets are a great find for offensive security pros because they are commonly misconfigured. This leads to things like the famous RNC Voter Records breach or Verizon’s 2017 breach.

  • Displaying results 1-5 (of 70)
     |<  < 1 - 2 - 3 - 4 - 5 - 6 - 7 - 8 - 9 - 10  >  >|