Optiv Blog

Implementing an Identity Centric Approach

· By Bryan Wiese

With the latest Verizon Data Breach Incident Report finding that 81 percent of hacking-related breaches leveraged stolen and/or weak passwords, our clients are consistently asking us, “Are we really immune to a breach?”

Shedding Light on the Dark Web – What is it, Really, and How Can it Help Me?

· By Ken Dunham

Dark web, darknet, deep web – all sexy new terms that are often overused and not well understood. Definitions are all over the place ranging from illegal and nefarious, to private, commercial, encrypted and so on. When looking at Internet content in 2017, I use the following definitions to describe the three layers of the web.

Tactics, Techniques and Procedures (TTPs) Within Cyber Threat Intelligence

· By Ken Dunham

TTPs is an acronym that many are starting to hear within cyber security teams, but few know and understand how to use it properly within a cyber threat intelligence solution. Tactics, techniques and procedures (TTPs) get at how threat agents (the bad guys) orchestrate and manage attacks. “Tactics” is also sometimes called “tools” in the acronym.

MSSQL Agent Jobs for Command Execution

· By Nicholas Popovich

The primary purpose of the Optiv attack and penetration testing (A&P) team is to simulate adversarial threat activity in an effort to test the efficacy of defensive security controls. Testing is meant to assess many facets of organizational security programs by using real-world attack scenarios.

Top 20 CIS Critical Security Controls (CSC) Through the Eyes of a Hacker – CSC 8

· By Joshua Platz

Control the installation, spread, and execution of malicious code at multiple points in the enterprise, while optimizing the use of automation to enable rapid updating of defense, data gathering, and corrective action.

Mapping Cyber Attacks to Maslow's Hierarchy of Needs

· By James Robinson

Maslow’s hierarchy of needs is basically a theory that aims to understand what motivates people, represented as a pyramid that maps the different levels of needs. At the lowest level are the basic human needs that are required to function. As those needs are met, individuals move up the hierarchy to fulfill deeper and more complex needs.

Diversionary Tactics 101

· By Jeff Horne

When organizations are hacked or infected with malware, an important question they ask themselves is, “Who is attacking us?” Understanding an attacker's profile gives your organization insight into their motives, tactics, and what they are after. The more you know about them, the more effective your strategy will be.

The Transcendence of Breach Assessments

· By Chris Patten

This blog post isn’t intended to be a panacea that will resolve past, present and future organization security breaches. That is a tall order many feel is unachievable, whether an accurate statement or not. However, a more focused approach to security and safety can help companies’ vested interests (e.g., employees, intellectual property, physical dwellings and information resources).

How To Survive Breach Failure (Part 2 of 3)

· By Terrence Weekes

Before an incident occurs, it is important for organizations to have a comprehensive incident response (IR) plan in place. In the chaos that arises during a breach, CISOs and security leaders need to avoid the natural tendency to drift from the established process, and make decisions that align with the formal IR plan.

Common Web Application Vulnerabilities - Part 9

· By Andrew Bonstrom

Padding oracle attacks are becoming more frequent and recently made headlines with the Padding Oracle On Downgraded Legacy Encryption (POODLE) vulnerability within the 18-year-old SSL 3.0. Today, I will be diving into padding oracle attacks and what you can do to defend against them. First, there are a few items we need to look at in order to understand the nature of padding oracle attacks.

(32 Results)