The Fundamentals Identity and Access Management Part of data privacy and protection in an enterprise environment involves Identity and Access Management (often shortened to IAM). Despite the many variations and complexities of IAM systems in corporate setups, the fundamental principle is pretty basic: IAM is about controlling who has who…

Get in the spirit of the holidays with some hacking! If you’re like me, you probably have a number of projects that you’re working on and tracking at any one time. It’s important to keep your skills fresh, and, if you can have a little fun while you’re at it…

Want to be more efficient? Spend time on Good Documentation. Today I want to talk about a topic that is often disparaged within certain departments and industries: documentation. Typically, documentation is seen as a “necessary evil” that wastes time or resources when an employee could be spending that time on…

or, How to See Malware Activity in Real Time. I recently discovered Brad Duncan’s blog Malware-Traffic-Analysis.net. The blog is host to a variety of traffic analysis exercises, primarily involving malware infections that take place over a network and are documented in pcap files. It has really been scratching my digital…

How to Subnet with only a little bit of memorization and math — no binary required When I was first learning about networks, the topic that most consistently stumped me was subnetting. I am notoriously bad at doing anything other than simple math in my head, and it always felt…

Getting started in scripting doesn’t have to be scary Earlier this week, I was working on a project that required a little bit of python scripting. While not anything too complicated, it reminded me that I needed to stay fresh with my programming, and so, as a personal challenge, I…

Ransomware is on the rise in 2020 A growing concern for every industry just about everywhere is the topic of ransomware. Ransomware is not a new threat (the first documented case of ransomware occurred in 1989 for a whole $189), but incidents of ransomware have been increasing exponentially lately, especially…

Once you know the environment, it’s time to break in Today we’re going to follow-up last week’s blog post about the information gathering phase of PenTesting with a post about the exploitation phase of a PenTest. As discussed last week, we’re running the VM “SoSimple” from VulnHub. …

How much info can you get with a single tool? A lot, actually. While working on some individual PenTesting this week, I decided to challenge myself and see how much information gathering I could do with just a single tool — MetaSploit Framework, one of the most popular hacking tools…