Blog

On the Reliance of Client Side Security

September 22nd, 2016 by Cory Mathews

I recently conducted a penetration test of a web application. Because of design decisions, I was able to bypass CAPTCHA to brute force user accounts and, ultimately, bypass file upload restrictions to upload malware onto the web server and into the internal network environment. The owner had taken a healthy view of security, had conducted […]

Read More

What Are the Mistakes That Get Hackers Arrested?

April 29th, 2016 by Rob Davis

At Critical Start we use a concept called the Defendable Network and map organizations to SecCon levels designed to give companies a chance against threat actors of varying skill levels.  We group threat actors skill levels into: Untrained Attacker (just gets lucky) Novice Attacker Intermediate (using automated tools mostly) Advanced Expert Phineas Fisher is a Blackhat hacker and […]

Read More

Field Offices

Connect With us