Blog

Introducing Armory: External Pentesting Like a Boss

Posted by Dan Lawson on February 04, 2019

TLDR; We are introducing Armory, a tool that adds a database backend to dozens of popular external and discovery tools. This allows you to run the tools directly from Armory, automatically ingest the results back into the database and use the new data to supply targets for other tools. Why? Over the past few years I’ve spent...

The First Five Things You Should Do As A New CISO

Posted by Gene Abramov on August 20, 2018

Everyone who works in or is tasked with hiring for the InfoSec industry understands that one of the biggest challenges is acquiring and keeping talent. There is a deficit of good people, and that includes senior executives. In the case of CISOs, the average tenure (according to industry research) is 24 to 48 months, with many CISOs changing companies even more...

Weaponization of Nessus Plugins

Posted by Faisal Tameesh on February 06, 2018

Overview: During a recent internal penetration test, the need arose to exploit a Java two-stage deserialization vulnerability. This post will walk through how to twist a Nessus plugin, meant to test only for the existence of an RCE vulnerability, into a weaponized exploit that can be utilized to attain a reverse shell on your own attacking server. This was necessary...
