Michal drops the other shoe
Core CTO Ivan Arce offers his reaction to some of the newest ideas around secure development proposed by longtime industry colleague Michal Zalewski, taking a deeper look at how and why we look at IT...
Unlocking the Real Potential for Security Testing
When I first arrived here almost three years ago, the most exciting aspect of taking on leadership of Core was knowing that the company I was joining wasn’t just a clear leader in its established...
Tackling the Cloud Security Question: Core Security’s Viewpoint
The Elephant in the Cloud In my experience, I’ve seen organizational leaders approach cloud computing from three different angles best summarized by the following questions: A. How can I help my...
Fun with SQL Injection Penetration Testing in CORE IMPACT Pro
As some of you readers may already know, I’ve made the decision to leave Core and join SpiderLabs. Some life changes (notably, a child!) have occurred and while I’ll miss Core greatly, I’m excited...
Pick an Access Point, any Access Point: Assessing Man-in-the-Middle Threats...
One of the things that I love about working for Core is our freedom to work on things that we are interested in. Instead of being expected to focus 100% on the project du jour and produce x lines of...
You Have Two Ears and One Mouth
We have to take a more aggressive approach to security across the board – because those who attack our networks aren’t signing a code of ethics and they aren’t following a playbook. They will do...
What Can Happen in 20 Days?
There is some buzz surrounding today’s (November 30) “new” release of an exploit for CVE-2011-3544 by Metasploit that takes advantage of a vulnerability in the Java Runtime Environment (JRE) to execute...
Tech Tips for PenTest Pros: Go Further with QR Code Attacks with CORE Impact
Previously I took a look at how to take a malicious link created by CORE Impact Pro and turn it into a QR code, so that you can further your client-side attacks. The general idea was that you could use...
Test the Weakest Link and Phish Your Users
I’ve been advocating for the use of email-borne phishing tests against the user population within companies for over six years now, and I have to admit the fight is a complex one. Most of the network...
CORE Labs Discovery of Six Vulnerabilities within SAP Netweaver
As a security researcher and member of the CORE Security Consulting Services team, and close partner with CORE Labs here in Buenos Aires, I need to perform security analysis of complex enterprise IT...