Articles by

Andy Green

Data Security’s Tower of Jenga

Over the holiday break, I had a chance to see “The Big Short”, the movie based on Michael Lewis’s book about the housing bubble. Or more accurately, about how a...

What is the EU General Data Protection Regulation?

Table of Contents DPD 2.0 GDPR Vocabulary Articulating the Articles More Articles: The New Stuff Focus Your GDPR Compliance Note: This post now reflects the final version of the EU...

Penetration Testing Explained, Part V: Hash Dumping and Cracking

In the previous post in this series, I guessed a local password and then tried various ways to move laterally within my mythical Acme network. But what happens if you can’t...

Penetration Testing Explained, Part IV: Making the Lateral Move

You can think about the post-exploitation part of penetration testing as an army or rebel force living off the land. You’re scrounging around the victim’s website using what’s available —...

Our Version 1.0 List of Penetration Testing Resources

I barely scratched the surface of penetration testing in my own blogging, and I’ve already amassed a long list of resources. So rather than withhold any longer, I’ll spill the...

Interview with Pen Testing Expert Ed Skoudis

We’re very excited to present this Q&A with Ed Skoudis. Skoudis is a very large presence in the security world. Here’s just a snippet from his lengthy bio: founder of...

Penetration Testing Explained, Part III: Playing with RATs and Reverse Shells

Last week I broke into a Windows 2008 server and inserted a remote access trojan or RAT. Don’t call security, I did this in a contained environment within virtual machines....

Penetration Testing Explained, Part II: RATs!

Remote Access Trojans or RATs are vintage backdoor malware. Even though they’ve been superseded by more advanced command-and-control (C2) techniques, this old, reliable malware is still in use. If you...

Yes, the SEC Enforces Data Security Standards

With the EU now very close to having a uniform data security law across the land, it’s a good point to take another look at US data protection and privacy...

Penetration Testing Explained, Part I: Risky Business

In most of the security standards and regulations that I’ve been following there’s typically a part titled Risk Assessment. You can find this requirement in HIPAA, PCI DSS, EU GDPR,...
