The Coalfire Blog

Welcome to the Coalfire Blog, a resource covering the most important issues in IT security and compliance. You'll also find information on Coalfire's insights into the unique cybersecurity issues that impact the industries we serve, including Cloud Service Providers, Retail, Financial Services, Healthcare, Higher Education, Payments, Government, Restaurants, and Utilities.

The Coalfire blog is written by the company's leadership team and our highly-credentialed security assessment experts. We look forward to your comments, so please join the conversation.


  • The Unhealthy Security of Healthcare

    September 25, 2018, Qasim Ijaz, Director, Coalfire Labs

    I have been involved in a number of healthcare penetration tests here at Coalfire and in my previous roles. I have hacked electronic medical records, medical devices, and most importantly, humans. From my time as a systems engineer at a medical device and systems vendor to my current role at Coalfire as a penetration tester, I have seen a few healthcare organizations grow from highly insecure to cyber-fortresses. In this blog, I will highlight the most common issues my teammates and I come across while penetration testing healthcare environments.

    Read more
  • Leading in Privacy

    September 25, 2018, Mali Yared, Director, Cyber Risk Advisory, Coalfire

    On September 24, I was pleased to represent Coalfire (and private-sector expertise) by attending the kickoff for the Privacy Framework at the Brookings Institute in Washington, D.C. The event was attended by notable leaders in the industry and government: The Departments of Transportation and Commerce, the Information Technology Industry Council, Intel, Citrix, National Telecommunications, and various other notable public and private-sector leaders in the industry. The National Institute of Standards and Technology (NIST) is taking steps toward pulling the various, splintered privacy initiatives in our nation together into a focused approach – and it is very exciting to see.

    Read more
  • Phantom Acquisition Lets Splunk SOAR

    September 12, 2018, Matt Alshab, Certified Splunk Admin

    At the SplunkLive! Conference in Washington, D.C., Splunk gave a presentation on Phantom, a Security Orchestration, Automation, and Response (SOAR) system. Splunk acquired Phantom this year for $350 million.

    Read more
  • From OSINT to Internal: Gaining Domain Admin from Outside the Perimeter

    September 11, 2018, Esteban Rodriguez, Consultant, Coalfire Labs, Coalfire

    When I first began working at Coalfire in early 2017, I couldn’t wait to get started pentesting professionally for the first time. When I finally got tasked with my first gig, I dove right in. I was tasked to perform an assessment of the external network. After hitting all known servers and web applications with various scanning tools, I had nothing. For a penetration tester, the assessment does not end here.

    Read more
  • Exploiting Blind Java Deserialization with Burp and Ysoserial

    September 04, 2018, Esteban Rodriguez, Consultant, Coalfire Labs, Coalfire

    While performing a web application penetration test, I stumbled upon a parameter with some base64 encoded data within a POST parameter. Curious as to what it was, I sent it over to Burp decoder.

    Read more