Cheap Testing Explained

Categories: From the Darkened Room

A post from my “In the Darkened Room” series, a personal look at cheap penetration testing and why it might, or might not, be a good idea. As the owner of a penetration testing company I receive, almost daily, requests to “sharpen my pencil” or “give me your best price”. When I started back in […]

Some People are Dumb

Categories: From the Darkened Room

IT DOES NOT MATTER HOW SECURE YOU ARE, IF YOU USE SERVER 2008. Hello folks and welcome to the fourth mini paper in my series “from the darkened room”. This mini paper is looking at what actually goes into the reconnaissance part of a penetration test here at Hedgehog, and how the recon phase alone meant game over on a test. […]

SOMETIMES IT PAYS TO WALK AWAY

Categories: From the Darkened Room

The second post in my series from the darkened room; sometimes I walk away. This engagement was a pure web application penetration test. The new client was an online retailer and the story starts and ends at the pre-test phase. They contacted us to perform a web app penetration test against a single URL. They initially wanted to spend no more than two days on the […]

WHEN THE WORLD CRASHES DOWN

Categories: From the Darkened Room

ADVANCED PENETRATION TESTING – WHEN THE WORLD CRASHES DOWN. Can a seasoned security professional beat the world’s best security software and mitigation? This job certainly found out. It also demonstrated well the difference between a vulnerability scan and a penetration test. The client had spent three years relying on a “market leading” vulnerability scanner to identify all their security weaknesses. What it didn’t spot was, well, all their […]

The ME in “MEntal Health”

Categories: From the Darkened Room

Hey, didn’t I write something like this last year? Well, yes, I sure did. Originally this piece was titled “So you want to be a pentester” and was written because I get asked a lot by people society sees as fringe humans how to get into the coolest and best industry in the world. Please […]

Cyber Security & Data Protection

Categories: CISO, From the Darkened Room

2016 was a black year in the calendar of data breaches. With countless websites and applications being breached, users’ details were made available online. Of the reported and published breaches, over 1.167 billion users’ details were leaked. Over halfway through 2017 and that figure is close once again. Each year the UK government surveys the […]