May 22, 2017

Top 20 CIS Critical Security Controls (CSC) Through the Eyes of a Hacker – CSC 19

Protect the organization’s information, as well as its reputation, by developing and implementing an incident response infrastructure (e.g. plans, def...

September 25, 2014

"Shellshock" Vulnerability in Bash Allows Unauthorized, Remote Code Execution

On September 24, a critical vulnerability - CVE-2014-6271 - was made public. This vulnerability, dubbed “Shellshock,” exposes a weakness in which cert...

June 20, 2014

Updates to the Lair Ecosystem

Back in 2013 FishNet Security sponsored the development of an open-source, collaborative penetration testing framework named Lair. My former colleague...

September 06, 2012

Bypassing Antivirus with PowerShell

On a recent penetration test, I ran into a number of challenges overcoming antivirus on compromised machines. Although I had already obtained domain a...

April 19, 2012

Scripting Metasploit with Python

While performing security assessments for clients, I occasionally encounter circumstances where I'd like a little more flexibility while using Metaspl...

January 18, 2012

JBoss JMX-Console Authentication Bypass

During engagements performing vulnerability assessments and penetration tests, it's common for FishNet Security consultants to encounter JBoss and Tom...
