In last week’s blog, I started outlining some of the considerations when choosing a penetration testing provider, including a list of general questions you should ask during your early correspondence with a prospective provider. As mentioned in my previous post, procuring offensive security services is a relatively new undertaking for many companies, and the complexities can make...Read More

Recently, I received a call from a long-time friend of mine with who I had never had the opportunity to work professionally. His company was launching a new online store, and after hearing his plans, we conducted an application penetration test to ensure it was secure for launch. This was the last person I thought...Read More

In the 11+ years Depth has been in business we’ve had the opportunity to see some less than stellar work as far as assessment services go. Our clients often send us assessment reports they’ve received from other security firms. Sometimes they want us to check remediation status on a single item. Other times they aren’t...Read More

Traditionally, closed circuit tv (CCTV) cameras and digital video recorders (DVRs) have been stand-alone, self-contained systems.  If the ability to access these systems remotely was required it was most commonly achieved by opening a port on a firewall and allowing access from the Internet to the DVR or camera directly.  Although effective, that method of...Read More

In June I spent a little time in the web administrative interface of a Polycom VVX600 IP phone running UC Software Version 5.1.3.1675. As I proxied the traffic through BurpSuite, I immediately noticed something interesting in the requests that the interface uses to display phone background images and ring tones to web users. The requests...Read More

It’s not uncommon for us to identify SQL injection (SQLi) vulnerabilities during network penetration tests or targeted web application security assessments although it sure seems to be getting less frequent. I hate using the term “SQLi Vulnerability” because SQLi is an attack, not a vulnerability. Whatevs though, the term is commonly used both ways in...Read More

When I had my last house built, I wired it for a CCTV camera system. I ran siamese rg58 coaxial cable (the type with a separate pair for low voltage power) from a central location to all my camera locations since it’s a pain to do once a house is built. I bought a cheap...Read More

So you have a meterpreter session on some Windows machine remotely or internally. One of the first things a lot of folks will do is escalate to SYSTEM (getsystem or post/windows/escalate/getsystem in meterpreter) and dump the server’s password hashes (hashdump or post/windows/gather/hashdump). The logical thing to do next is to begin cracking the hashes for later use. There...Read More

Fierce is a simple but very useful DNS reconnaissance tool written by Robert Hansen (RSnake) that I use on virtually every pentest, vuln assessment, or application security assessment I’m involved in. There’s nothing fancy or super-technical about this tool; it’s just useful and deserves some mention. It combines the functionality of a handful of recon tools into one....Read More

The Daily Mail has a short article about how the recent compromise of 200,000+ Citigroup accounts occurred. Of course there is not much technical detail but the vulnerability and exploit are pretty obvious if what the article says is correct: “They simply logged on to the part of the group’s site reserved for credit card customers – and substituted their...Read More