Takeaways from GAM 2018: Internal Audit Embraces Cybersecurity
March 21, 2018, Nick Son, Vice President, Cyber Risk Services, Coalfire
Last week, the Institute of Internal Auditors (IIA) held its 2018 Global Audit Management Conference at the Aria Resort in Las Vegas. With over 1,700 attendees, this was the most well-attended event in the history of the conference. Coalfire was one of the sponsors, and we were delighted to meet with so many forward-thinking audit executives and practitioners.
How I discovered CVE-2017-13707
October 05, 2017, Michael Allen, Senior Consultant, Coalfire Labs
New Vulnerability Found Using Techniques Taught at Black Hat USA
One of the topics I teach in Coalfire's Adaptive Penetration Testing course, given most recently at Black Hat 2017, is manual privilege escalation on Linux- and Unix-based systems. I also talk about how common it is to gain an initial foothold in an environment by leveraging default or easily guessable login credentials. During a recent red team engagement, I leveraged both of these techniques – not only to fully compromise the organization's Active Directory environment, but also to discover and exploit a previously unknown vulnerability in the Replibit Linux distribution installed on a server on their network.
Coalfire’s Adaptive Penetration Testing at Black Hat Helped Prepare Tomorrow’s Security Talent
August 16, 2017, Ryan MacDougall, Sr. Security Consultant
What makes a penetration tester highly successful? Most obviously, the technical skills to hack into a network, application, or location comes to mind first, and without those capabilities and the ability to continuously learn, an aspiring pen tester has a tough road ahead of them.
Black Hat 2017: training, cybersecurity trends and end-point protection
August 03, 2017, Marshall England, Industry Marketing Director, Technology & Cloud
Every year, Black Hat is a highly anticipated event in the cybersecurity community—and Black Hat 2017 certainly did not disappoint! It was yet another year of record traffic, bustling with visitors from the security community that want to strengthen their security skills and postures. Organizations in the midst of digital transformations and digital native businesses alike sent security teams to learn about various tools and techniques to increase their knowledge of defense and breach prevention.