I’m excited to launch our new website this week! It was a lot more work than I initially expected because the scope changed dramatically from what I initially set out to do. At first, this was just going to be a simple re-branding from the previous business name. Then I decided to rewrite the whole site entirely, along with designing a new look for it. Then came the challenge of incorporating what had been a separate blog.

Read More

Last month, 4iQ found a massive password list containing 1.4 billion usernames and passwords from previous breaches. The data is broken up into directories and files according to the first few letters of the username to allow for quicker searching using the included query.sh script. While this makes searching for specific users very easy, it is difficult to search the 41GB data dump by domain name for users from an entire organization.

Read More

The recent wave of WannaCry ransomware attacks has shed a lot of public light on the Windows SMB remote code execution vulnerability patched by MS17-010 and has fortunately resulted in organizations applying the security update to prevent further infections. While much of the focus has been on patching desktops and servers, it’s easy for many organizations to continue to neglect devices running the Windows Embedded 7 OS. I am nearing completion of a very long and complex pen test of an environment made up completely of networked embedded devices, so when the Equation Group’s Fuzzbunch framework was released publicly, I figured it would be perfect for a few boxes I was struggling to gain complete access to.

Read More