The Coalfire Blog

Welcome to the Coalfire Blog, a resource covering the most important issues in IT security and compliance. You'll also find information on Coalfire's insights into the unique cybersecurity issues that impact the industries we serve, including Cloud Service Providers, RetailFinancial Services, Healthcare, Higher Education, Payments, Government, Restaurants, and Utilities.

The Coalfire blog is written by the company's leadership team and our highly-credentialed security assessment experts. We look forward to your comments, so please join the conversation.


  • Takeaways from GAM 2018: Internal Audit Embraces Cybersecurity

    March 21, 2018, Nick Son, Vice President, Cyber Risk Services, Coalfire

    Last week, the Institute of Internal Auditors (IIA) held its 2018 Global Audit Management Conference at the Aria Resort in Las Vegas. With over 1,700 attendees, this was the most well-attended event in the history of the conference. Coalfire was one of the sponsors, and we were delighted to meet with so many forward-thinking audit executives and practitioners.

    Read more
  • How I discovered CVE-2017-13707

    October 05, 2017, Michael Allen, Senior Consultant, Coalfire Labs

    New Vulnerability Found Using Techniques Taught at Black Hat USA

    One of the topics I teach in Coalfire's Adaptive Penetration Testing course, given most recently at Black Hat 2017, is manual privilege escalation on Linux- and Unix-based systems. I also talk about how common it is to gain an initial foothold in an environment by leveraging default or easily guessable login credentials. During a recent red team engagement, I leveraged both of these techniques – not only to fully compromise the organization's Active Directory environment, but also to discover and exploit a previously unknown vulnerability in the Replibit Linux distribution installed on a server on their network.

    Read more
  • Coalfire’s Adaptive Penetration Testing at Black Hat Helped Prepare Tomorrow’s Security Talent

    August 16, 2017, Ryan MacDougall, Sr. Security Consultant

    What makes a penetration tester highly successful? Most obviously, the technical skills to hack into a network, application, or location comes to mind first, and without those capabilities and the ability to continuously learn, an aspiring pen tester has a tough road ahead of them.

    Read more
  • Black Hat 2017: training, cybersecurity trends and end-point protection

    August 03, 2017, Marshall England, Industry Marketing Director, Technology & Cloud

    Every year, Black Hat is a highly anticipated event in the cybersecurity community—and Black Hat 2017 certainly did not disappoint! It was yet another year of record traffic, bustling with visitors from the security community that want to strengthen their security skills and postures. Organizations in the midst of digital transformations and digital native businesses alike sent security teams to learn about various tools and techniques to increase their knowledge of defense and breach prevention.

    Read more

Recent Posts

Post Topics

Archives

RSS Feed

The Coalfire BlogSubscribe to Feed
Chrome users will need to install RSS Subscription Extension (by Google)

Tags