Is there a community review site of pentesters?
I've been dealing with a couple of high-profile security outfits (well, indirectly; the actual pen testing was further outsourced to them by the IT outsourcers actually managing the whole thing) and we've found the level of hole-spotting pretty inadequate.

I let them loose on a test setup that we created by cloning a part of our existing infrastructure along with a few tweaks, both obvious and not so obvious, and among other really pretty basic issues they e.g. missed "changeme" on an Internet-facing appliance (though I was amazed that wasn't owned by someone else in seconds).

I went into the results presentation as the techidiot senior management, requested it be told to me in a form I can understand because I can barely use my iPad ha, and I got the full force of the sales pitch. What was really egregious was that the "problems" they did find, which aren't exploitable problems in the state they are in, were skewed to be major security holes.

If we're shelling out the bucks for the regular testing and reporting I'd rather we got in someone who is actually good at this, instead of an extensively accredited outfit with excellent documentation suited for box-ticking who's actually pretty shite.

I have zero personal contacts in the netsec field, and neither do my IT. So I'm faced with: how do I go hunting for potential pentesters? What are good resources? Thanks
Submitted September 20, 2017 at 04:05PM by durabledildo
via reddit http://ift.tt/2hgpEPy
Shoplifting: Defeating Theft Detection and Prevention Technology
http://ift.tt/2wxL9Gj
Submitted September 20, 2017 at 04:40PM by MicheeLengronne
via reddit http://ift.tt/2jJDNcG
Typically considered one of the most accessible and in many cases least-sophisticated types of crime, shoplifting persists as an undeniably damaging affliction across the retail sector. In fact, the National Retail Security Survey reported that loss of inventory…
Concept: Malware Uses Security Cameras With Infrared Capabilities to Steal Data
http://ift.tt/2xkzB7W
Submitted September 20, 2017 at 04:32PM by Hamm3rH3ad
via reddit http://ift.tt/2xn5xIZ
Proof-of-concept malware created by a team of Israeli researchers uses the infrared capabilities of modern security cameras as a channel for data exfiltration, but also to receive new commands from its operators.
How to contact yahoo experts by Phone!
http://ift.tt/2wGhs0Z
Submitted September 20, 2017 at 05:20PM by smithsgone
via reddit http://ift.tt/2xmIpud
Yahoo email services are now being used by millions of users, cutting across geographical locations and language barriers. What makes Yahoo popular among the us...
Top SECURITY SERVICES IN Noida-NCR -Security A1 .Com
http://ift.tt/2xgxnow
Submitted September 20, 2017 at 05:41PM by ayeonemanagement
via reddit http://ift.tt/2ydnffp
Security Services in Noida - Aye One Management is a leading Security Service Provider in Noida, providing Security Services in Noida-NCR. We offer Best Security Services in Delhi/Gurgaon/Noida/NCR.
Read on the Web: Google Chrome Will Mark FTP Resources As “Not Secure”
http://ift.tt/2xgo6wD
Submitted September 20, 2017 at 05:09PM by MicheeLengronne
via reddit http://ift.tt/2wG51lR
Read on the Web: It seems like Google is making some serious changes in its products, especially Chrome browser to provide users a smooth experience and better security.
The Once and Future Onion | Paul Syverson
http://ift.tt/2xixwba
Submitted September 20, 2017 at 05:06PM by IntroductionPoints
via reddit http://ift.tt/2yoNe4p
Breaking out of restricted windows environment
http://ift.tt/2hgzXDx
Submitted September 20, 2017 at 04:53PM by kapilajain23
via reddit http://ift.tt/2ydlPl1
Kikgard metal doorjambs — Selecting the right door for your house
http://ift.tt/2w6yLbZ
Submitted September 20, 2017 at 06:14PM by kikgard
via reddit http://ift.tt/2hgL53h
Where do you begin? Picking a front door can be very confusing, however subsequent to perusing this article, picking your front door will…
Evidence Aurora Operation Still Active: Supply Chain Attack Through CCleaner
http://ift.tt/2wGjIFn
Submitted September 20, 2017 at 06:34PM by 0xbaadf00dsec
via reddit http://ift.tt/2ypKlAC
Recently, there have been a few attacks with a supply chain infection, such as Shadowpad being implanted in many of Netsarang’s products, affecting millions of people. You may have the most up to date cyber security software, but when the software you are…
Security checklist to develop hack-proof apps
http://ift.tt/2wxFlg2
Submitted September 20, 2017 at 07:14PM by him_tyagi
via reddit http://ift.tt/2fj5TtI
Security In 5: Episode 72 - CIS 17 Security Awareness
http://ift.tt/2xhGN3a
Submitted September 20, 2017 at 06:39PM by BinaryBlog
via reddit http://ift.tt/2wwy3Jo
Continuing with the Critical Security Controls Top 20 we are at number seventeen. This control talks about Security Awareness and education efforts in your business. Security is only successful when others understand and can recognize threats and have the…
Underground Hacking Forum Admins Having Second Thoughts About Selling Ransomware
http://ift.tt/2heSvYd
Submitted September 20, 2017 at 07:39PM by DJRWolf
via reddit http://ift.tt/2xSq1uo
Administrators of various underground hacking forums hosted on both the public Internet and Dark Web are having serious discussions about the ethics of allowing the sale of ransomware via their platforms.
BSides Augusta 2017 [Videos]
https://www.youtube.com/playlist?list=PLEJJRQNh3v_PQEsZ8R7H6xKe9Bkg_KnVC
Submitted September 20, 2017 at 07:01PM by reaperb0t
via reddit http://ift.tt/2jLkwYx
[Tomcat on Windows] Remote Code Execution, fixed in Tomcat 7.0.81
http://ift.tt/2xmM4Ig
Submitted September 20, 2017 at 08:54PM by redditrwx
via reddit http://ift.tt/2ypGpQp
DDoS explained: How denial of service attacks are evolving
http://ift.tt/2wLgmT4
Submitted September 20, 2017 at 09:38PM by yourbasicgeek
via reddit http://ift.tt/2faPDaC
A distributed denial of service (DDoS) attack is when attackers attempt to make it impossible for a service to be delivered, typically by drowning a system with requests for data. They have been part of the criminal toolbox for twenty years, and are only…
Security Now 629 Apple Bakes Cookies | TWiT.TV
http://ift.tt/2ycHtG7
Submitted September 20, 2017 at 08:57PM by dmp1ce
via reddit http://ift.tt/2ye4atP
This week Padre and Steve discuss what was up with Security Now's recent audio troubles, more on the Equifax Fiasco, the EFF & Cory Doctorow weigh in on forthcoming browser enc…
Beers with Talos EP 13: A Vast CCleanup, Strutting Your Stuff, and the Ex$ploit Economy
http://ift.tt/2xerz1p
Submitted September 20, 2017 at 08:48PM by WorksAtCisco
via reddit http://ift.tt/2fb5xC1
A blog from the world class Intelligence Group, Talos, Cisco's Intelligence Group
Optionsbleed - Ubuntu has fixes in the pipe as of yesterday
http://ift.tt/2jKtcy1
Submitted September 20, 2017 at 09:30PM by BloodyIron
via reddit http://ift.tt/2xdZp6y
Abusing delay load DLLs for remote code injection
http://ift.tt/2faBU3I
Submitted September 20, 2017 at 11:42PM by FILLABUSTA
via reddit http://ift.tt/2wGLLEM
new ransomware attack
http://ift.tt/2hfysZR
Submitted September 20, 2017 at 11:25PM by rythmshifter03
via reddit http://ift.tt/2xw30MZ
Ransomware hack targeting 2 million an hour
The hack is automated to send 8,000 variants of the virus.