The Coalfire Blog

Welcome to the Coalfire Blog, a resource covering the most important issues in IT security and compliance. You'll also find information on Coalfire's insights into the unique cybersecurity issues that impact the industries we serve, including Cloud Service Providers, RetailFinancial Services, Healthcare, Higher Education, Payments, Government, Restaurants, and Utilities.

The Coalfire blog is written by the company's leadership team and our highly-credentialed security assessment experts. We look forward to your comments, so please join the conversation.


  • Continuous Monitoring in the Cloud

    June 01, 2018, Michael Pitcher, Vice President, Technical Cyber Services, Coalfire Federal

    I recently spoke at the Cloud Security Alliance’s Federal Summit on the topic “Continuous Monitoring / Continuous Diagnostics and Mitigation (CDM) Concepts in the Cloud.” As government has moved and will continue to move to the cloud, it is becoming increasingly important to ensure continuous monitoring goals are met in this environment. Specifically, cloud assets can be highly dynamic, lacking persistence, and thus traditional methods for continuous monitoring that work for on-premise solutions don’t always translate to the cloud.

    Read more
  • PowerShell: In-Memory Injection Using CertUtil.exe

    May 31, 2018, Shane Rudy, Senior Security Consultant, Coalfire Labs

    Have you ever heard the old saying,” The only constant in life is change?” Nothing is truer in the world of penetration testing and information security than the certainty of change. New defenses are always emerging, and the guys and gals in the red team game are always having to evolve our efforts to evade defenses. This week was one of those weeks for me.

    Read more
  • Exploiting an Unsecured Dell Foglight Server

    May 23, 2018, Esteban Rodriguez, Consultant, Coalfire Labs, Coalfire

    Dell Foglight for Virtualization is an infrastructure performance monitoring tool that can also be used to manage systems as well. It comes configured with a default username and password of “foglight.”

    Read more
  • Pro Tip: The Right Way to Test JSON Parameters with Burp

    May 21, 2018, Dan McInerney, Senior Security Consultant, Coalfire

    Here’s a Burp trick you might not know, which helped find this instance of command execution and lots of SQL injection in other applications. Despite PortSwigger claiming otherwise, Burp does not parse JSON very well, especially nested JSON parameters and values like you see below.

    Read more
  • PCI DSS v3.2.1 – What You Need to Know

    May 18, 2018, Karl Steinkamp, Director, PCI Product and Quality Assurance

    On Thursday, May 17, the PCI Security Standards Council (PCI SSC) released an updated version of the PCI DSS standard, primarily to include clarifications and minor revisions around controls that referenced SSL/early TLS. The new version removes notes referring to the effective date of February 1, 2018 for applicable requirements, as this date has passed. Unlike prior PCI DSS version updates, this update does not include any new control requirements. With that in mind, there are some key specifics that are applicable to merchants and service providers.

    Read more
  • Displaying results 26-30 (of 316)
     |<  <  2 - 3 - 4 - 5 - 6 - 7 - 8 - 9 - 10 - 11  >  >| 

Recent Posts

Post Topics

Archives

Tags