Optiv Blog

Top 10 Network Security Mistakes - #6: Insufficient Logging and Monitoring

· By Andrew Carlson ·

Continuing along our journey through the Top 10 Network Security Mistakes, today we’ll take a look at logging and monitoring. Hopefully we can all agree that information is power. And many times, in the course of protecting or using powerful information, we can generate other powerful information. This is frequently referred to as metadata.

Continue reading

Using Burp Suite to Test Web Services with WS-Security

· By Chris Bellows ·

During a recent engagement we ran into a web service endpoint that was using WS-Security for authentication, specifically it was using the “Username Token” profile. At first look it did not appear to be an issue for testing as it looks like we only needed to include the proper credentials in the SOAP document header, unfortunately it was a bit more complicated.

Continue reading

Are You On Cloud Nine Yet?

· By Andy Duewel ·

CIOs and CTOs looking to reduce costs, drive innovation and maintain a strategic advantage over their competitors can’t afford to overlook the cloud. Adoption comes with its share of challenges, but some of its upsides may surprise you. We’ve compiled a list of nine of these upsides that are possible with implementation of cloud-based services and applications.

Continue reading

WiFi Management Tools Help Ensure WLAN Health

· By Chris Lyttle ·

For many organizations, the wireless local area network (WLAN) has changed from an optional item to a mission-critical service. Customers and employees automatically expect WiFi connectivity to get their work done. However, many wireless networks were originally designed for intermittent use, primarily by laptops. They may not be able to cope with the increased traffic

Continue reading

CryptoLocker Prevention and Remediation Techniques

· By Colby Clark ·

If you’re running Windows XP through Windows 8, chances are you've heard of CryptoLocker by now. If not, for some background, check out our previous 6LABS post. Now that you know what it is, it's time to defend your network against it. There are several defense techniques, and I will try to touch on as many as I can.

Continue reading

Indoor Location Services (ILS) - Bring a competitive advantage to your enterprise network

· By Bill Carr ·

In the last few months, we've heard a great deal about how indoor location services are becoming the “next” frontier in differentiating your environment from competitors. We’re seeing opportunities to truly differentiate your employee’s and customer’s experience with these services. They can enhance services, reduce personnel costs, improve customer satisfaction and provide additional revenue streams by keeping the client engaged, and providing a personalized experience.

Continue reading

What You Should Take Away From The PCI DSS 3.0 – Part 1

· By Jeff Hall ·

There are a lot of people and organizations pointing to “business as usual” or BAU as the huge take away from the latest version of the PCI DSS. Yet according to the PCI SSC in their recent statements regarding BAU at the 2013 Community Meetings, BAU is only a suggestion, not a requirement of the new version of the PCI DSS.

Continue reading

Business Continuity Planning (BCP) is a Necessity


Business continuity and contingency planning are vital activities for every company regardless of size. Every day, businesses are confronted with disasters of varying degrees and impacts. Those that have adequately developed, maintained and exercised their contingency plans will thrive. Yet many organizations continue to take the uninhibited operations of their companies for granted.

Continue reading

How-To: Post-Ex Persistence Scripting with PowerSploit and Veil

· By Chris Patten ·

Many penetration testers within the security industry state that getting a system shell is just the starting point for an attack. Sure, I agree, and quite possibly the most significant tenets of our craft could be post exploitation - specifically, the act of maintaining a persistent connection while remaining intimately covert against defense mechanisms.

Continue reading

Creating Change: My Move to Accuvant as Chief Strategy and Security Officer

· By Jason Clark ·

I’m extremely excited to announce that I’ve embarked on the next phase of my professional journey. I’ve joined Accuvant in the newly created position of Chief Security and Strategy Officer, working alongside some of the most talented security professionals in the world to innovate and develop strategic solutions that solve the specific security problems organizations

Continue reading
(89 Results)