This One Time on a Pen Test
This One Time on a Pen Test: How I Hacked a Self-Driving Car
In our latest edition of "This One Time on a Pen Test," we take a deeper look at an engagement involving a self-driving car.
This One Time on a Pen Test: I’m Calling My Lawyer!
In this engagement, Rapid7 pen testers were tasked to identify sensitive information, harvest credentials, and obtain a reverse shell on their machines.
This One Time on a Pen Test: The Pizza of Doom
Here is the story of how I bypassed physical security controls by posing as a pizza delivery guy and showing up to my client site with a pizza pie.
This One Time on a Pen Test: Nerds in the NERC
Here is the story of how we gained access to a NERC CIP control room in a power plant as part of a penetration testing engagement.
The Return of Snapid Kevin to the North Pole
Santa has once again enlisted the help of his security consultant, Snapid Kevin, to evaluate his physical security. What will Snapid turn up?
How to Build Your Own Caller ID Spoofer: Part 2
In Part 1 [/2018/05/24/how-to-build-your-own-caller-id-spoofer-part-1/], we talked about the need for organizations to test their security programs by performing social-engineering campaigns with their employees so they can understand employee susceptibility to these kinds of tactics, the potential impact to the organization of this kind of attack, and develop methods of defending against a real attack. We spoke about the need for accurately simulating threat actors by setting up an Asterisk PBX
How to Build Your Own Caller ID Spoofer: Part 1
Organizations with mature security programs often test their own internal awareness programs by performing social engineering campaigns (e.g., telephone pretexting) on their personnel. These may include hiring third-party consulting companies as well as performing internal tests. These tests should strive to be as real-world as possible in order to accurately simulate a malicious actor and learn from employees’ reactions and ascertain the level of risk they pose to the
An Evaluation of the North Pole’s Password Security Posture
Co-written by Jonathan Stines [https://twitter.com/fr4nk3nst1ner] and Tommy Dew [https://twitter.com/tommydew3]. See all of this year's HaXmas content here
He sees your password choices;
He knows when they’re not great.
So don’t reuse those passwords, please,
And make them all longer than eight.
Now that Christmas has passed and all of the chaos from the holidays is winding down, Santa and the elves are finally able to sit back and recover from the strenuous holiday commotion. H