It is that time of the year again! The Verizon 2020 DBIR report is out again – https://enterprise.verizon.com/resources/reports/dbir/ – and…

As an average person I had to refer to the book I read and to the movie I watch to…

What Enables the Kill Chains for Total System Compromise At NopSec my red teaming service team never stops amazing me…

Three times the vulnerability prioritization When it comes to vulnerabilities, I always say: “not all vulnerabilities are created equal”. Some…

The Lines Are Blurring NopSec started as a penetration testing service delivery company at my kitchen table. The company then…

At this time of the year, like any other year, the security industry goes back to reflect on itself and…

I have always been fascinated by lateral movement attacks possible within Windows Active Directory environments. Hosts are compromised; credentials extracted;…

Here at NopSec, we have always been fascinated with automation. It has been a focus of ours since the beginning…

According to the The Register’s article, last week we started assisting to the widespread exploitation of The Shadow Brokers’ leaked Windows…

…..and I am back!! Apologies for waiting so long to blogging. The past few months here at NopSec have been…

Securing an environment is a constant game of cat-and-mouse. Safety measures of all kinds can (and should) be put in…

On March 23rd 2016, I had the pleasure to participate in the Inaugural 2016 National Conference of Minority Cybersecurity Professionals…

According to FireEye, a U.S. based provider of next generation threat protection, it takes companies, on average, more than 200 days…

For consumers and businesses alike, when it comes to keeping private information private your best defense is vigilance; in both…

When I started my career as a penetration tester, the name of the game was all about breaching the external…

Literally a flood of lines have already been written about Security Threat Intelligence and its uses, so I would not…

This blog post is the first of a series documenting the journey into Machine Learning Algorithms NopSec is undertaking as part…

At NopSec, we work hard every day not only to make it easy for organizations to detect and prioritize vulnerabilities,…

As part of the DevOps movement, it would be desirable to scan your web application for security vulnerability as part of the Continuous Integration loop…

Enterprise organizations need vulnerability risk management solutions that integrate with the existing authentication and asset management infrastructure. Unified VRM has…

Most of our customers’ security analysts are called on a monthly basis (or more often) to deliver a presentation of…

Lately a lot of attention has been directed towards the “DevOps” or “SecOps” disciplines and for good reasons. According to…

Penetration tests are point-in-time adversarial tests aimed at testing the intrusion prevention, detection, and incident response capabilities and controls of an…

A couple of days ago I read an interesting article in the Tenable Network Security Blog — here — where…

In the previous blog post here, we described the GHOST Linux glibc vulnerability in details and its repercussions to the…

Our partner Qualys discovered a new vulnerability nick-named “GHOST” (called as such because it can be triggered by the GetHOST…

Usually I am not particularly a big fan of security doom scenarios, but looking at this week’s security news and…

If you’re a security researcher or penetration tester you’re probably already well aware of the extensive array of tools available…

Google security researchers Bodo Moller, Thai Duong and Krzysztof Kotowicz recently uncovered a vulnerability in SSL 3.0 that could allow secure connections to…

If you are like us at NopSec one of the companies that operators on Amazon AWS cloud, this past couple…

As penetration testers know, spending nights awake to probe networks, servers and applications is common practice. For companies completing vulnerability…

The SANS 20 Critical Security Controls are prioritized mitigation steps to improve cybersecurity. Coordinated through the SANS Institute, many companies with…

As we have reached the end of this blog post series on SANS 20 Critical Controls, this one is definitely…

In this installment of our SANS 20 Critical Security Controls, I bundled three controls together simply because they are very…

Have you ever considered what is the venue most attackers use to infiltrate target systems? In terms of percentage, certainly…

This week we come back with our blog series on SANS 20 Critical Controls and focus on Audit Logs and Controlled…

As we are getting ready to descend for a couple of days to Vegas for Black Hat / DefCon /…

Another very important area of an organization’s security program is its application security roadmap. We all know that web and…

I have been attending the Black Hat Conference in Las Vegas for many years now and I have to admit that the…

In a system there is no privilege that is higher than administrative privileges. In Unix and Linux world, this is…

Exposure level and Risk level are directly proportional to each other! Ports, protocols and services are entry points and mechanisms…

Why all graphical representations of a network firewall include a wall with flames? Do you have to set a wall…

On this blog post of the SANS Critical Control series I comment on two critical controls that at the first…

Wireless networks have always been a “no man’s land” in terms of security and appropriate configuration. Some of the most…

As part of SANS 20 Critical Security Controls mapping with Unified VRM series, today I am going to discuss Critical…

In this latest installment of this blog series, I am going to analyze how to implement the SANS Critical Control…

In the previous two blog posts I have been addressing Control 1 and Control 2 in the SANS Critical Security…

Yesterday, I published the first blog post on mapping SANS 20 critical security controls to Unified VRM. The post dealt…

Penetration testing is one of the services that we offer NopSec customers. A vulnerability assessment and penetration test provide an…

Cyber Security was all over the news recently. Facebook revealed that it was hacked – even though it came out…