Jun 24, 2019 | Cybersecurity, Penetration Testing, Tenable, Vulnerability Scanning
By: Justin Fimlaid What is an Exim server? An Exim server is a mail transfer agent used on Linux like operating systems. Exim is a free software and used by as much as 57% of the Internet email servers. Over the past couple weeks it has been noted that a heavy amount...
Jun 10, 2019 | Cybersecurity, Penetration Testing, Vulnerability Scanning
By: Justin Fimlaid What is SHA-1 and what is the history of SHA-1? Originally SHA-1 was developed as part of a U.S. government capstone project. The first version of SHA was SHA-0 and that was developed in 1993 as the Secure Hash Standard. SHA-0 was originally...
Apr 15, 2019 | Compliance, Cybersecurity, Information Security, Penetration Testing, Vulnerability Scanning
By: Justin Fimlaid If you haven’t heard of it there is a new banking directive in the U.K. called the Open Banking Directive. This directive went into effect on January 13, 2018. It’s significant for U.S. based banks, because this Directive could apply...
Mar 11, 2019 | Penetration Testing, Source Code Reviews
By: Justin Fimlaid Authentication is a critical piece of any application. It’s also always the piece of security architecture that is commonly attacked, so it’s important to get it right. When we talk about authentication it’s the act of establishing that someone or...
Nov 1, 2018 | Penetration Testing
By: Eric Kobelski As a software developer turned security engineer, I continue to follow current development technologies, as it makes me more of an effective tester. One of the articles that I was reading contained an interview with one of the applications developers...
Sep 11, 2018 | Information Security, Penetration Testing
Rewrite: Justin Fimlaid Original Author: Hunter Gregal Cross-site scripting, or otherwise known as XSS, is the most common web application vulnerability on the internet. I have found this to be true through both data research and personal experience during penetration...
Aug 17, 2018 | Penetration Testing
By: Randy Duprey What is Red Teaming? Red teaming in general can be defined as a goal-based adversarial testing process. The concept has existed since the sixth Century BCE when the ancient military genius Sun Tzu stated that “…one who knows the enemy and knows...
Jul 18, 2018 | Penetration Testing
By: Eric Kobelski, Security Engineer One question that we get consistently is “What exactly is a web application penetration test?”. There are some companies that will run a vulnerability scanner against your application and call that a penetration test, but this is...
Jul 2, 2018 | Penetration Testing
By: Eric Kobelski, Security Engineer Updated on: 06/28/2018 Burp’s Collaborator is a useful tool to assist with web application (webapp) penetration and security testing; particularly when malicious payloads are injected and then exercised by a vulnerable system. When...
![NullByte: 1 [Walkthrough]](https://i1.wp.com/www.nuharborsecurity.com/wp-content/uploads/2018/05/NullByte-Walkthrough.jpg?resize=1024%2C675&ssl=1)
May 31, 2018 | Penetration Testing
Originally Written By: Hunter Gregal Updated By: Justin Fimlaid It’s that time again; to practice our penetration testing skills and tactics! NullByte: 1 is another root-the-box type challenge that can be found on http://vulnhub.com. Like other challenges on the...
