Penetration Testing Guide | Digital Interruption
Penetration testing guide for buyers. Scan vs assessment vs pen test, what to use and when. Clear deliverables, fixed scope, free retest. Code and cloud reviews.
Category: Penetration Test
Red vs Blue – A write-up of our SkillSec workshop
I often feel that blue teaming doesn’t always get the love it deserves, so we decided that this months SkillSec would be about Red vs Blue. For those that may not be familiar with these terms, Red is the “offensive” side of security (think “attack simulation”) and blue is about defending i.e. detecting and stopping the attackers. As is often said, blue can be more challenging as you have to defend every weakness whereas with Red, you only have to find one weakness. Both are important to consider. Whilst Digital […]
Securing the Mainframe
Security consultants tend to specialise fairly early in their careers, and one of the areas I chose to specialise in, and something that Digital Interruption offers our clients, is mainframe security assessments. For many of us, unless you’re over a certain age, or have a strange fixation on weird machines, you’ll likely have never interacted with a mainframe before. There are a few popular (and contradictory) myths in the infosec community about mainframes: They’re legacy They’re the same as supercomputers Nothing a cluster of cloud computers can’t beat Nobody uses […]
Post Exploitation on Linux – Release the Orc
This blog is an extension of my Arcane Arts of Linux talk at Steelcon 2018, as well as a quick discussion about a post exploitation tool I’ve been writing and playing with for the last few months, called Orc. Part of the inspiration for this post is that over recent years, there’s been a lot of conversation about red-team techniques for Windows, significant tool development and tool evolution, and generally quite a lot of progress. Linux, on the other hand, doesn’t receive nearly as much attention. There are a lot […]