The Coalfire Blog

Welcome to the Coalfire Blog, a resource covering the most important issues in IT security and compliance. You'll also find Coalfire's insights into the unique cybersecurity issues that impact the industries we serve, including Cloud Service Providers, Retail, Financial Services, Healthcare, Higher Education, Payments, Government, Restaurants, and Utilities.

The Coalfire blog is written by the company's leadership team and our highly-credentialed security assessment experts. We look forward to your comments, so please join the conversation.


  • AWS Slurp Github Takeover

    August 28, 2018, Logan Evans, Associate, Coalfire Labs, Coalfire

    Slurp is a tool used by information security professionals to enumerate AWS S3 buckets. Slurp takes a domain name (example.com) or wordlist as input and cycles through likely S3 bucket names (example.s3.amazonaws.com) looking for any world-read/writeable buckets. S3 buckets are a great find for offensive security pros because they are commonly misconfigured. This leads to things like the famous RNC Voter Records breach or Verizon’s 2017 breach.

  • The Dangers of Client Probing on Palo Alto Firewalls

    August 15, 2018, Esteban Rodriguez, Consultant, Coalfire Labs, Coalfire

    While performing a routine internal penetration test, I began the assessment by running Responder in analyze mode just to get an idea of what was being sent over broadcast. Much to my surprise, I found that shortly after running it, a hash was captured by Responder’s SMB listener.

  • Google Cloud NEXT '18: A Growing Event with Much to Offer

    August 09, 2018, Dan Stocker, Practice Director, Payments, Cloud & Tech

    If you want to learn what's up and coming for Google Cloud and make some great connections, Google Cloud NEXT is an informative, lively event to prioritize on your conference calendar. Coalfire attended the recent Google Cloud NEXT '18 conference in San Francisco (July 24-27) and found it to be a good venue to meet existing customers, make new contacts, and attend informative technical sessions. This is the second year for Google Cloud's conference, and it proved to be a platform for many product and feature announcements while conveying a strong security theme. In addition to the many technical talks on security topics, Google Cloud made several important service announcements related to security; this blog post will review a few of the more noteworthy topics.

  • Our Analysis: Gartner’s Hype Cycle for Risk Management, 2018

    August 08, 2018, Bob Post, Senior Practice Director, Cyber Risk Advisory, Coalfire

    For those of us charged with managing cyber risk as well as planning and budgeting for cybersecurity, the Gartner “Hype Cycle for Risk Management, 2018” provides some helpful perspectives that are useful in setting both priorities and expectations.

  • Humans Are the Weakest Link in Security

    July 17, 2018, Mike Weber, Vice President, Coalfire Labs

    In our recent analysis of penetration testing engagements contained in our Penetration Risk Report, we discuss the impact that social engineering, specifically phishing, has on the ability to allow attackers insider access to compromise an organization.

