I recently encountered a case with one of my clients that demonstrated the true value of having an effective information security training program which includes regular social engineering tests. Sure,… read more →
smtp-test.py has been released on our public Github account. Check out the repo at https://github.com/isaudits/smtp-test/ The script is designed to automate testing of SMTP servers for penetration testing: Runs nmap… read more →
Check out pasv-agrsv, our new passive recon / OSINT automation script which we recently released on the ISAudits github page: https://github.com/isaudits/pasv-agrsv/ Runs passive recon tools specified in config file given… read more →
Check out autoenum, our new Nmap automation script which we recently released on the ISAudits github page: https://github.com/isaudits/autoenum Performs an initial Nmap scan to detect live hosts for enumeration and… read more →
Late last week, a critical vulnerability (CVE-2014-6271) affecting many Unix-based systems, including Linux variants and Mac OSX was discovered which, in certain circumstances, allows remote code execution on affected systems.… read more →
Last Tuesday, Microsoft released MS14-045 to patch several local privilege escalation vulnerabilities associated with the Windows kernel. Unfortunately, soon after the release reports of the dreaded blue screen of death… read more →
The interwebs have been abuzz with concern over the recently discovered “Heartbleed” vulnerability in certain versions of OpenSSL, and rightly so – some security researchers have gone so far to… read more →
More often than not, network administrators will respond to the question “do your users have local administrator access to their workstations” with “yes, because software vendor XYZ requires it in… read more →
Great blog post by Safe Systems’ Matt Gunn with guidance on selecting IT auditors and penetration testers with contributions by IS Audits’ own Matt Jones as well as TrueSec Consulting’s… read more →
In January, Apple detected a flaw in it’s IOS (iPhone, iPad, etc) and OSX operating systems which would allow an attacker to view encrypted data streams via man-in-the-middle attack or… read more →