CISO Global (formerly Alpine Security)

penetration testing

National Cybersecurity Awareness Month: 6 Things to Practice During the Month

What Is DevSecOps?

6 Penetration Testing Trends to Have on Your Cybersecurity Radar

Penetration Testing for Compliance: The Top 5 Laws and Regulations that Require Testing

Penetration testing offers two important benefits — security and regulatory compliance. Rising cybercrime, such as the Equifax breach, has affected millions of Americans who now insist on knowing that companies will keep their data secure. And government regulators are happy to help them do it by penalizing companies that do not comply with federal guidelines.

digitalworld.local: BRAVERY Walkthrough

This blog is a walkthrough of digitalworld.local: BRAVERY. The VM was created by Donavan and you can download it from VulnHub. According to the author, it was originally designed for OSCP (Offensive Security Certified Professional) practice.

Mr. Robot Walkthrough (Vulnhub)

Anyone who is inspired to partake in a challenging course such as the Offensive Security Certified Professional (OSCP), or Licensed Penetration Tester-Master (LPT (Master)), knows that practice makes you a better hacker. Vulnhub is a great resource to find purpose-built virtual machine images to practice on. This image is based on a popular TV show, and we are going to walk through exploiting it together.

sqlmap: Sucking Your Whole Database Through a Tiny Little Straw

Hacking seemed like an arcane art, only mastered by those willing to spend years poring over dusty tomes of x86 assembly language manuals and protocol RFCs. It did not occur to us that many of the vulnerabilities could be exploited by anyone with basic web development coding skills and the willingness to spend a few hours on research. One of these mysterious incantations was the dreaded “SQL Injection” attack. What exactly could one do with a SQL Injection attack, anyway? No one was quite sure, but since our software was going into a secure military installation, we were pretty sure that the perimeter defenses would prevent anyone from harming it.

A Penetration Testing Career – Do You Have What It Takes?

Penetration testing, also known as ethical hacking, is one of the hottest jobs in tech today. What other career lets you pretend you’re in The Matrix, working your way into systems like a top-level hacker, all without breaking any laws? Oh, and you’re getting paid for it. With a real-world penetration testing job, though, you’re not just playing at hacking into systems. You actually are hacking into systems, and your employer’s very existence may depend on your ability to do it.

Top Penetration Testing Certifications

Penetration testing, also known as pen testing, is an ethical hacking tactic that helps companies protect themselves. Penetration testers try to break into clients’ digital systems to find weaknesses before a black hat hacker does. This is a growing field as companies seek to prevent the high profile data breaches that have happened in recent years. The top penetration testing certifications can help you get into this field.

Web Application Penetration Testing: Why It’s Necessary and What You Need to Know

Web applications are the critical systems of many networks. They store, process, and transmit data. They are also vulnerable to hackers who can find vulnerabilities. So, the question becomes how secure is your network? And how comprehensively has it been tested?

Byobu – Keep Your Terminal Sessions Running in the Background

Byobu is a wonderful tool that allows multiple sessions running in the background, even when the SSH session that launched them dies.

Who Needs Pen Testing? 3 Industries that Rely on It

Penetration testing – sometimes called white-hat hacking – is how companies manage risk, increase business continuity, and protect clients from data breaches. In highly regulated industries such as healthcare, banking, and service industries, it also helps companies stay compliant. SOC 2, HIPAA, and PCI DSS are three of the main regulations that require penetration testing.

Two Keys to Stopping Cyber Attacks 

Protecting your agency or company from cyber crime is critical to keeping your business running smoothly and profitably in the digital age.

What are two of the most likely areas of vulnerability in your cyber defense strategy?

Empire: A PowerShell Post-Exploitation Tool

This blog demonstrates how to download PowerShell Empire, a post-exploitation tool, in Kali Linux, create a script, make a connection back to your machine from the victim machine without Windows Defender blocking it, elevate privileges, and extract password hashes using Mimikatz. It is a versatile and useful tool that every penetration tester should have in their arsenal.

Offline Password Cracking: The Attack and the Best Defense

Offline Password Cracking is an attempt to recover one or more passwords from a password storage file that has been recovered from a target system.  Typically, this would be the Security Account Manager (SAM) file on Windows, or the /etc/shadow file on Linux.  In most cases, Offline Password Cracking will require that an attacker has already attained administrator / root level privileges on the system to get to the storage mechanism. 

Review: EC-Council’s Licensed Penetration Tester (Master) Exam 2.0: The World’s First Proctored, Hands-On Pentesting Examination

The most significant difference with the new exam format is that it is proctored.  This means that you are being watched over your webcam for the entire period of the session.  Proctoring a five-day exam is impractical, so the exam was split into three six-hour sessions.  Each six-hour session consists of three individual “challenges”.  Each challenge involves recovering the contents of a secret file, but some challenges will require hacking more than one machine.  You enter the contents of the file into a web page and submit it when you are done with the session.  You must complete at least one challenge per session, and you must complete at least five out of the nine sessions to pass the exam.

OSCP vs LPT (Master): A Comparison by Someone with Both

The OSCP certification is great for individuals with several years of experience in system administration, networking, or software development, who wish to learn “elite hacking skills.” The LPT (Master) is great for those who want to pursue penetration testing as a career and who are looking for a certification that demonstrates that they can complete a realistic penetration test simulation on their own.

Online Password Cracking: The Attack and the Best Defense Against It

Online password cracking has advantages and disadvantages.  It is effective if executed properly. There are numerous defenses to prevent attackers from cracking your passwords.

Black Box Penetration Test Advantages

Black Box Penetration Testing tests a target with little to no prior knowledge about the target environment. Despite the best efforts of vulnerability scanning tools, they often miss critical vulnerabilities and major issues. These missed vulnerabilities can be exploited by attackers to gain full control of your environment. A Black Box Penetration Test identifies additional vulnerabilities and security issues. If minimizing cybersecurity risk is a goal, both a vulnerability scan and a Black Box Penetration Test are recommended.

ECSA Review by a Senior Penetration Tester

ECSA Certification review by Daniel Sewell, Sr. Penetration Tester for Alpine Security. The EC-Council Certified Security Analyst (ECSA) certification consists of both a hands-on practical penetration test and a multiple choice exam.


Alpine Security is a member of the CISO Global family of companies.


© 2021 · Alpine Security, a Cerberus Sentinel Company