Why Security Teams Need a Second Set of Eyes

During a recent penetration test, I hijacked the client’s email server, posed as the client CEO, and sent a fraudulent email to the client CFO asking the CFO to wire $10,000 USD to an offshore bank account. Interestingly, after receiving a string of actual malicious phishing […]
I recently conducted a penetration test of a web application. Because of design decisions, I was able to bypass CAPTCHA to brute force user accounts and, ultimately, bypass file upload restrictions to upload malware onto the web server and into the internal network environment. The owner had taken a healthy view of security, had conducted […]
At Critical Start we use a concept called the Defendable Network and map organizations to SecCon levels designed to give companies a chance against threat actors of varying skill levels. We group threat actor skill levels into: Untrained Attacker (just gets lucky) Novice Attacker Intermediate (using automated tools mostly) Advanced Expert Phineas Fisher is a Blackhat hacker and […]
Critical Start is the fastest-growing cybersecurity integrator in North America. Our mission is simple: protect our customers’ brands and reduce their business risk. We do this for organizations of all sizes through our award-winning portfolio of end-to-end security services – from security-readiness assessments using our proven framework (the Defendable Network) to the delivery of managed detection and response, incident response, professional services, and product fulfillment. Critical Start has been named to the CRN 2018 Tech Elite 250 and top 100 Security MSPs lists.