The Coalfire Blog

Welcome to the Coalfire Blog, a resource covering the most important issues in IT security and compliance. You'll also find information on Coalfire's insights into the unique cybersecurity issues that impact the industries we serve, including Cloud Service Providers, RetailFinancial Services, Healthcare, Higher Education, Payments, Government.

The Coalfire blog is written by the company's leadership team and our highly-credentialed security assessment experts.


  • The Basics of Exploit Development 5: x86-64 Buffer Overflows

    Andy Bowden, Consultant, Coalfire Labs

    Hello! If you have read the other articles in this series, welcome back. If not, I would encourage you to read those before proceeding with this article as it builds on concepts laid down in the previous installments. In this article we will be covering a technique similar to the one in the first installment of this series, however, with the twist in that this exploit will be of a 64-bit process running on Windows 10. 
    Due to the nature of modern operating systems and the exploit mitigation techniques they employ, this will not be a very realistic example due to the fact that we will be disabling everything so we can concentrate on a few aspects of exploiting a 64-bit application. Specifically, we will be looking at the differences in how the different architectures call functions and how the features of the 64-bit method can be leveraged to exploit a vulnerability. 

    Read more
  • Offensive Security Testing Using Cloud Tools

    Rick Osgood, Senior Security Consultant, Labs

    When performing offensive security testing, assessors sometimes run into issues where their source IP address gets blacklisted. For example, we might be performing a web application test and, due to the many suspicious queries being performed, our IP address is suddenly blocked. While on the surface this may seem like an effective security control, it’s actually quite easy to change a source IP address. Methods have existed for a long time, including using a proxy server or routing traffic through a VPN tunnel. The problem with these methods is that they take effort to set up and those new source IP addresses can just as easily be blocked, leaving assessors in the dark once again. When doing this kind of work every day, it would be nice to have an efficient method for changing a source IP address for this kind of testing without risking getting blacklisted.

    Read more
  • Reflections on Women in Cybersecurity

    Anne Bayerkohler, Senior Director, Quality and Compliance, Coalfire

    I joined Coalfire in 2014. At the time, there were very few women in cyber, much less in leadership roles. As it sometimes happens, I found myself in an elevator with Tom McAndrew, who is now our CEO. We started talking about the direction of my career and plans for my role as Director of Coalfire’s Quality Management System. He asked me a simple question, “What are you doing next?” I had to suddenly come up with a literal elevator pitch of what I could do in my sphere of influence.

    Read more
  • The impact of Covid-19 on SOC reporting

    Jamie Kilcoyne, Partner, Coalfire Controls

    The audit cycle for organizations that receive SOC reports includes new challenges related to Covid-19. Remote workforces are now the norm throughout the world, which introduces new risks. For example, connecting to corporate networks using personal computers that may be infected with malware is one such risk. Additionally, hackers and fraudsters have stepped up their game and increased the frequency and sophistication of their attacks to take advantage of the vulnerabilities that come with a remote workforce. Many organizations have suffered economically due to Covid-19 with workforce reductions to help reduce costs. However, this could result in a failure to re-assign control responsibilities and a corresponding failure to perform certain controls.

    Read more
  • FedRAMP 101: How to get listed as “In Process”

    Marc Zurcher, Senior Manager, FedRAMP Assurance Services, Coalfire

    Are you a cloud service provider working on a federal contract and need a FedRAMP authorization – but don’t have a sponsor yet? Acquiring a committed government agency sponsor early in the FedRAMP process is crucial to your success and will ensure a smoother process. A major role for an agency sponsor is to identify which risks they are willing to accept in your Cloud Service Offering (CSO) that may not fully align with FedRAMP requirements.

    Read more
  • Displaying results 1-5 (of 424)
     |<  < 1 - 2 - 3 - 4 - 5 - 6 - 7 - 8 - 9 - 10  >  >| 

Recent Posts

Post Topics

Archives

Tags

Accounting Agency AICPA Assessment assessments ASV audit AWS AWS Certified Cloud Practitioner AWS Certs AWS Summit bitcoin Black Hat Black Hat 2017 blockchain Blueborne Breach BSides BSidesLV Burp BYOD California Consumer Privacy Act careers CCPA Chertoff CISO cloud CMMC CoalfireOne Compliance Covid-19 credit cards C-Store Culture Cyber cyber attacks Cyber Engineering cyber incident Cyber Risk cyber threats cyberchrime cyberinsurance cybersecurity danger Dangers Data DDoS DevOps DevSecOps DFARS DFARS 7012 diacap diarmf Digital Forensics DoD DRG DSS e-banking Education encryption engineering ePHI Equifax Europe EU-US Privacy Shield federal FedRAMP financial services FISMA Foglight forensics Gartner Report GDPR Google Cloud NEXT '18 government GRC hack hacker hacking Halloween Health Healthcare heartbleed Higher Education HIMSS HIPAA HITECH HITRUST HITRUST CSF Horror Incident Response interview IoT ISO IT JAB JSON keylogging Kubernetes Vulnerability labs LAN law firms leadership legal legislation merchant mobile NESA News NH-ISAC NIST NIST 800-171 NIST SP 800-171 NotPetya NRF NYCCR O365 OCR of P2PE PA DSS PA-DSS password passwords Payments PCI PCI DSS penetration Penetration Testing pentesting Petya/NotPetya PHI Phishing Phising policy POODLE PowerShell Presidential Executive Order Privacy program Ransomware Retail Risk RSA RSA 2019 Safe Harbor Scanning Scans scary security security. SOC SOC 2 social social engineering Spectre Splunk Spooky Spraying Attack SSAE State Stories Story test Testing theft Virtualization Visa vulnerability Vulnerability management web Wifi women XSS
Top