Quantcast
Channel: CORE Security » Conducting Tests
Browsing latest articles
Browse All 11 View Live

Michal drops the other shoe

Core CTO Ivan Arce offers his reaction to some of the newest ideas around secure development proposed by longtime industry colleague Michal Zalewski, taking a deeper look at how and why we look at IT...

View Article



Unlocking the Real Potential for Security Testing

When I first arrived here almost three years ago, the most exciting aspect of taking on leadership of Core was knowing that the company I was joining wasn’t just a clear leader in its established...

View Article

Tackling the Cloud Security Question: Core Security’s Viewpoint

The Elephant in the Cloud In my experience, I’ve seen organizational leaders approach cloud computing from three different angles best summarized by the following questions: A.  How can I help my...

View Article

Shrugging and Eye-Rolling Is Not a Cloud Security Verification Strategy

View Article

Fun with SQL Injection Penetration Testing in CORE IMPACT Pro

As some of you readers may already know, I’ve made the decision to leave Core and join SpiderLabs. Some life changes (notably, a child!) have occurred and while I’ll miss Core greatly, I’m excited...

View Article


Pick an Access Point, any Access Point: Assessing Man-in-the-Middle Threats...

One of the things that I love about working for Core is our freedom to work on things that we are interested in. Instead of being expected to focus 100% on the project du jour and produce x lines of...

View Article

You Have Two Ears and One Mouth

We have to take a more aggressive approach to security across the board – because those who attack our networks aren’t signing a code of ethics and they aren’t following a playbook. They will do...

View Article

What Can Happen in 20 Days?

There is some buzz surrounding today’s (November 30) “new” release of an exploit for CVE-2011-3544 by Metasploit that takes advantage of a vulnerability in the Java Runtime Environment (JRE) to execute...

View Article


Tech Tips for PenTest Pros: Go Further with QR Code Attacks with CORE Impact

Previously I took a look at how to take a malicious link created by CORE Impact Pro and turn it into a QR code, so that you can further you client side attacks. The general idea was that you could use...

View Article


Test the Weakest Link and Phish Your Users

I’ve been advocating for the use of email born phishing tests against the user population within companies for over six years now, and I have to admit the fight is a complex one. Most of the network...

View Article

CORE Labs Discovery of Six Vulnerabilities within SAP Netweaver

As a security researcher and member of the CORE Security Consulting Services team, and close partner with CORE Labs here in Buenos Aires, I need to perform security analysis of complex enterprise IT...

View Article
Browsing latest articles
Browse All 11 View Live




Latest Images