The Coalfire Blog

Welcome to the Coalfire Blog, a resource covering the most important issues in IT security and compliance. You'll also find information on Coalfire's insights into the unique cybersecurity issues that impact the industries we serve, including Cloud Service Providers, RetailFinancial Services, Healthcare, Higher Education, Payments, Government, Restaurants, and Utilities.

The Coalfire blog is written by the company's leadership team and our highly-credentialed security assessment experts. We look forward to your comments, so please join the conversation.

  • To [Hell] Shell and Back

    October 27, 2016, Justin Berry, Security Consultant, Coalfire Labs

    My initial thought was it has to be the firewall keeping my reverse shell from getting out of their environment. So, leveraging the command execution vulnerability, I started testing outbound internet access from the vulnerable server to my server on the internet, only to find that the port I had been using all along in the initial Metasploit attempt was allowed out. This left me with a sense of disappointed optimism because the firewall isn’t blocking it, but for some reason it isn’t working. “Maybe it’s getting caught by Anti-Virus”, I thought. I used the command execution to generate and execute an FTP script that would download a payload from my server. The logs on my server showed an active download from the target companies network. “.. Excellent..”, I mischievously muttered to myself in my best Mr. Burns impression.

    Read more
  • What does the FBI have to say about ransomware

    October 03, 2016, Tom Glaser, Healthcare Solutions Architect, Coalfire

    The FBI provided guidance on ransomware at a recent FBI/US Secret Service/ISAC event.  They defined ransomware as a type of malware that is commonly transmitted through malicious email, which is disguised to look normal.  Once the email link has been clicked on, or an email attachment has been opened, the malware installs on the computer.  After installation is completed, files on the computer become locked using encryption and cannot be opened without the key.  A ransom message is then displayed with information on how to pay the ransom.

    Read more
  • Thoughts on BSides Las Vegas 2016

    August 22, 2016, John Skipper, Associate Security Consultant, Coalfire Labs

    I recently attended “Infosec Week” in Vegas - Black Hat, BSides and DEFCON.  BSides is a high point every year.  This smaller Con has a plethora of perks which make it a “must attended” and also offers many of the same benefits or advantages or opportunities as Black Hat and DEFCON.

    Read more
  • Best of Enterprise and AD Exploitation at Black Hat / DEFCON

    August 22, 2016, Marcello Salvati, Senior Security Researcher, Coalfire Labs

    Lots of hacks, lots of people, lots of content, and lots of parties. That basically sums up this year’s BlackHat and Defcon. The two conferences seem to get bigger every year with no sign of slowing down, which emphasizes how cybersecurity is becoming more and more of an issue for everyone:  governments, fortune 1000 companies, small businesses and single individuals alike.

    Read more
  • What is Defcon

    August 17, 2016, Justin Wynn, Associate Consultant, Coalfire Labs

    The first year I attended, I was lucky enough to identify interesting wireless signals with a distinct sound – that of the POCSAG and FLEX protocols. Decoding these signals revealed party invites to the Telephreak party where I listened to raw, uncensored lightning talks covering topics from car hacking to the fragility the entire West Coast’s power grid, and even met notable figures like Kevin Mitnick. It’s not unheard of for other notorious characters, like John McAfee, to attend events like these and share war stories.

    Read more
  • Displaying results 16-20 (of 52)
     |<  <  1 - 2 - 3 - 4 - 5 - 6 - 7 - 8 - 9 - 10  >  >| 

Recent Posts

Post Topics


RSS Feed

The Coalfire BlogSubscribe to Feed
Chrome users will need to install RSS Subscription Extension (by Google)