The Coalfire Blog

Welcome to the Coalfire Blog, a resource covering the most important issues in IT security and compliance. You'll also find information on Coalfire's insights into the unique cybersecurity issues that impact the industries we serve, including Cloud Service Providers, RetailFinancial Services, Healthcare, Higher Education, Payments, Government, Restaurants, and Utilities.

The Coalfire blog is written by the company's leadership team and our highly-credentialed security assessment experts. We look forward to your comments, so please join the conversation.


  • An Analysis of PCI DSS Requirement 11.3.4.1 and the Compliance Expectations

    October 13, 2017, Jason Pieters, Product Director, PCI, Coalfire

    For some organizations, understanding, navigating, and complying with the Payment Card Industry (PCI) Data Security Standard (DSS), especially after the release of the latest version (v3.2) released in April 2016, has become confusing and/or challenging because of the inclusion of phased-in applicability of requirements. The most common questions that Coalfire receives from clients are regarding requirement 11.3.4.1

    Read more
  • How I discovered CVE-2017-13707

    October 05, 2017, Michael Allen, Senior Consultant, Coalfire Labs

    New Vulnerability Found Using Techniques Taught at Black Hat USA

    One of the topics I teach in Coalfire's Adaptive Penetration Testing course, given most recently at Black Hat 2017, is manual privilege escalation on Linux- and Unix-based systems. I also talk about how common it is to gain an initial foothold in an environment by leveraging default or easily guessable login credentials. During a recent red team engagement, I leveraged both of these techniques – not only to fully compromise the organization's Active Directory environment, but also to discover and exploit a previously unknown vulnerability in the Replibit Linux distribution installed on a server on their network.

    Read more
  • Blueborne – Don’t Panic!

    September 12, 2017, Communications Team, Coalfire

    Here is what we know right now: Security company Armis recently released research identifying eight newly discovered vulnerabilities that exist in the wireless communications protocol Bluetooth, which could potentially affect a large percentage of the estimated 8.2 billion Bluetooth enabled devices, including laptops, mobile phones, and other IoT devices.

    Read more
  • Forensically Imaging a Microsoft Surface Pro 4

    August 29, 2017, Robert Meekins, Director, Forensics, Coalfire

    Working on digital forensics can sometimes create some challenging situations. Recently, we received a couple of Microsoft Surface Pro tablets to image and analyze. Having conducted forensics for a while, I realized that, depending on the version, imaging this tablet could be a challenge. Some setbacks normally associated with Surface tablets include not being able to remove the hard drive, the inability to place the device in target mode, and the hardware being very finicky about what OS can and cannot boot. Ultimately, the challenge comes down to having to use the tablet itself to perform the image, and the only option for input is a single USB port.

    Read more
  • Coalfire’s Adaptive Penetration Testing at Black Hat Helped Prepare Tomorrow’s Security Talent

    August 16, 2017, Ryan MacDougall, Sr. Security Consultant

    What makes a penetration tester highly successful? Most obviously, the technical skills to hack into a network, application, or location comes to mind first, and without those capabilities and the ability to continuously learn, an aspiring pen tester has a tough road ahead of them.

    Read more
  • Displaying results 1-5 (of 15)
     |<  < 1 - 2 - 3  >  >| 

Recent Posts

Post Topics

Archives

Tags