Virtualization Sprawl: Don’t be Victimized!
A few days ago, I was talking about spinning up a new VM to take on some random task, and a fellow Redspin geek jokingly asked if I had ever heard of virtualization sprawl. I took a second to think…
Here at Redspin, we don't often get a chance to fool around with binaries. Nevertheless, during an audit we encountered a program with a simple format string attack. Not content with the manual format string exploitation process, we decided to…
One thing you learn when you start a career in pentesting is: Never assume anything. In my experience hacks aren’t always elegant and elaborate. Sometimes something simple and effective is your avenue of penetration. Which brings us to today’s topic:…
Apache is a fantastic web server. It's easily installable on pretty much every modern operating system, it has gobs and gobs of community support, documentation and howto's, and is very robust. What I don't like about Apache is its kitchen…
There are many choices out there when it comes down to validating the security of your external network. The range of services and skill levels available is almost overwhelming when you first set out on your search. You'll find high…
We take hiring pretty seriously and have a rigorous screening and background check process to find the “A Team.” While most of the process is uneventful, some of the applicants give us a good chuckle. Here is a list of…
Customers often ask the following question: What is the best approach to securing my web applications? Of course, the answer to the question is what our web application security assessments are all about. But if you haven’t yet engaged in…
You'd think that checking your email in a web browser is a simple task. Open up Firefox, plunk in your username and password, and start sending things to the SPAM folder. The truth is, when you load up your web…
Webmail is absolutely everywhere. I rarely come across a corporate network that doesn't have Outlook Web Access, Groupwise, or some other variant of webmail listening. Being able to get at email accounts from the Internet can save employees a lot…