NetSPI Blog

NetSPI

Using our consulting team's deep security knowledge and our proprietary CorrelatedVM vulnerability management & reporting solution, NetSPI acts as a trusted advisor to large enterprises by providing deep-dive, manual penetration testing – from mobile applications to entire networks and infrastructures. NetSPI also provides assessment and vulnerability management advisory services designed to analyze and mitigate risks and ensure compliance with relevant regulations and industry standards. Utilizing its proven and comprehensive methodology in conjunction with its adaptive and responsive client service, NetSPI is more than a vendor; it's a partner you can trust with your most critical assets.

NetSPI
March 9th, 2015

iOS Tutorial – Dumping the Application Memory Part 2

In my previous blog, iOS Tutorial – Dumping the Application Heap from Memory, I covered how to dump sensitive information from the heap of an iOS application using GDB. This time we will be covering how to use Cycript to accomplish the same goal but using the class-dump-z output to specifically pull out properties or […]

NetSPI
January 5th, 2015

iOS Tutorial – Dumping the Application Heap from Memory

Using GDB to dump the runtime heap from memory to gain access to sensitive information that should’ve been removed.

NetSPI
June 30th, 2014

Open Source Frameworks – How secure are they?

How many of your projects include open source software? Maybe it is better to call it free software. As a person who has spent time in the corporate world, I get the idea of using open source software. Much of it is free or at very low cost. However, is it secure and how do […]

NetSPI
March 10th, 2014

“Detective control testing during penetration tests” Scott Sutherland Guest Blogs for Secure360

If you can't wait until the Secure360 conference to see Scott Sutherland's “Attack all the Layers! Again!” presentation or take his class, “Introduction to Penetration Testing,” then here's a guest blog he did for Secure360 to help tide you over: Detective control testing during penetration tests

NetSPI
February 19th, 2014

Karl Fosaaen Guest Blogs for Secure360

NetSPI Senior Security Consultant Karl Fosaaen recently wrote a couple of guest blogs for the upcoming Secure360 2014 Conference blog. You can find them here: 5 Must-Have Web Application Penetration Testing Strategies and 5 Must-Have Network Penetration Testing Strategies. If you enjoy these, be sure to make it out to Secure360 this year as Karl will […]

NetSPI
July 8th, 2013

Magic Bytes – Identifying Common File Formats at a Glance

When assessing an application, one may run into files that have strange or unknown extensions or files not readily consumed by applications associated with those extensions. In these cases it can be helpful to look for tell-tale file format signatures and infer how the application is using them based on these signatures, as well as […]

NetSPI
July 8th, 2013

Function Hooking Part I: Hooking Shared Library Function Calls in Linux

When assessing an application for weaknesses in a Linux environment, we won’t always have the luxury of freely available source code or documentation. As a result, these situations require more of a black box approach where much of the information about the application will be revealed by attempting to monitor things such as network communications, […]

NetSPI
June 24th, 2013

Biometrics in the age of Pastebin

Let’s go back in time to June 2012. LinkedIn was compromised and 6.5 million password hashes were released to the internet. Everyone changed their password (right?) and it wasn't *that* big a deal. Now, let’s jump forward in time, to sometime when biometric authentication becomes more common. In this new era, LinkedIn gets compromised, and […]

NetSPI
June 17th, 2013

Great, you use CA SiteMinder, but you broke it!

CA SiteMinder is a secure Single Sign-On (SSO) and Web access management product that is used to authenticate users and control access to web applications and portals. Your company may be considering purchasing SiteMinder or a similar product, or may have already deployed a solution like SiteMinder in your environment. Out of the box, CA SiteMinder […]