The 100 Million Dollar Getaway - Horror Stories 2015
October 26, 2015, Price McDonald, Director Labs Professional Services
In today's security landscape, companies face daily threats to their reputation and intellectual property. The typical response to these threats is to purchase a tool or a service claiming to be a magical silver bullet that can respond to all "cyber" threats. In reality, the quest for a security silver bullet is a fool's errand, and any solid security program will revolve around continuous evaluation and training against emerging threats.
Audio Video Media Forensics
October 13, 2015, Brian Prendergast, Forensic Consultant, Coalfire Labs
Our media forensics practice is a fast-growing part of Coalfire. We’re often asked what we can do, and this post is intended as a quick primer: some background if you’re in need of this service, and what you can expect from us and others in the field.
DerbyCon is right around the corner (Sept. 23 - 25)
September 22, 2015, Mike Weber, Vice President, Coalfire Labs
DerbyCon is right around the corner (Sept. 23 - 25) and we wanted to highlight two sessions that Coalfire Labs team members will be presenting.
Upcoming Podcast: Python security projects
April 28, 2015, Mike Weber, Vice President, Coalfire Labs
Join Coalfire penetration tester Dan McInerney on Thursday April 30th at 6:00pm ET on the Security Weekly Podcast.
Social Engineering - Beyond the Baseline
December 15, 2014, Brandon Edmunds, Senior Security Consultant, Coalfire Labs
Coalfire Labs does a lot of Social Engineering testing. Traditional Social Engineering testing involves a mundane process of taking a sample of a population and then attacking those “targets” with some pretext calls or a phishing email in order to obtain credentials. Metrics are recorded and then reported back in some form of a deliverable, usually a report. As an example, in a standard Social Engineering engagement, we had a Pretext Calling campaign that included a target selection of 10 users. We made 10 phone calls and talked three of the targeted people out of their passwords.