We pride ourselves in creating understandable, actionable reports for our clients. The goal of a penetration test is not to prove an attack can be successful, but to identify and prioritize remediation actions and strategies.
Sometimes, you need a vulnerable machine. Whether you are looking to learn about attack methods, or test your new controls - it is helpful to have a machine that contains vulnerabilities
When juggling multiple devices, the cloud offers many benefits. I have been maintaining multiple instances of Kali across my desktops and laptops for a bit now - and it is getting tiresome. Sounds like the perfect opportunity to dive into AWS. Here is how to setup your Kali box up in the AWS cloud.
TLDR; 1. Steal this document 2. Read and understand the model 3. Give a Current Rating to each control 4. Give a Desired Rating to each control 5. Identify gaps 6. Scope projects to close gaps 7. Execute projects 8. Rinse and repeat
I attribute about 95% of my learning to actually doing work. Most of my peers would agree and even push it further to “95% of my learning is by screwing things up.” For many computing platforms, it is very easy…