The Coalfire Blog

Welcome to the Coalfire Blog, a resource covering the most important issues in IT security and compliance. You'll also find information on Coalfire's insights into the unique cybersecurity issues that impact the industries we serve, including Cloud Service Providers, RetailFinancial Services, Healthcare, Higher Education, Payments, Government, Restaurants, and Utilities.

The Coalfire blog is written by the company's leadership team and our highly-credentialed security assessment experts. We look forward to your comments, so please join the conversation.


  • Humans Are the Weakest Link in Security

    July 17, 2018, Mike Weber, Vice President, Coalfire Labs

    In our recent analysis of penetration testing engagements contained in our Penetration Risk Report, we discuss the impact that social engineering, specifically phishing, has on the ability to allow attackers insider access to compromise an organization.

    Read more
  • Executing Meterpreter on Windows 10 and Bypassing Antivirus

    June 26, 2018, Esteban Rodriguez, Consultant, Coalfire Labs, Coalfire

    One of my Labs colleagues recently published an article on the Coalfire Blog about executing an obfuscated PowerShell payload using Invoke-CradleCrafter. This was very useful, as Windows Defender has upped its game lately and is now blocking Metasploit’s Web Delivery module. I wanted to demonstrate an alternate way to achieve the same goal, without dropping any files on the host system while providing more options depending on what ports can egress the network.

    Read more
  • The Threats That Are Your Weakest Link

    June 25, 2018, Mike Weber, Vice President, Coalfire Labs

    Coalfire published the latest report in its Securealities series, The Penetration Risk Report, and it’s based on findings from Coalfire penetration tests. It includes data drawn from engagements with businesses of all sizes, spanning financial services, retail, healthcare, and technology/cloud service providers. Some findings were contrary to current accepted wisdom on cybersecurity while other findings confirmed long held notions for others.

    Read more
  • How I Found CVE-2018-8819: Out-of-Band (OOB) XXE in WebCTRL

    June 11, 2018, Darrell Damstedt, Senior Consultant, Coalfire Labs, Coalfire

    I like to do bug bounties from time  to time, mostly when I am sacrificing sleep once the kids are finally out cold.  This seemed like a worthy experience to document. Let me just start by saying I  don't plan on going into the whole recon bits too deeply here. Maybe I will someday if I ever have enough time to give the topic the justice it deserves. 

    Read more
  • Pro Tips: Testing Applications Using Burp, and More

    June 08, 2018, Esteban Rodriguez, Consultant, Coalfire Labs, Coalfire

    Burp Suite is one of my favorite tools for web application testing. The feature set is rich, and anything that it does not do by default can usually be added with an extension. There are a few things, however, that while they exist in Burp Suite, are not completely intuitive. Below are a few pro tips to help you get the most out of your web application tests.

    Read more
  • Displaying results 6-10 (of 69)
     |<  <  1 - 2 - 3 - 4 - 5 - 6 - 7 - 8 - 9 - 10  >  >| 

Recent Posts

Post Topics

Archives

Tags