Author - revsec

Validating Security Controls and Countermeasures with Penetration Testing

It’s been a few weeks and the dust is starting to settle following the reported data breach in September 2017 at Equifax, one of the big three credit reporting agencies. While other major data breaches have been the result of advanced methods possibly utilizing leaked classified attack techniques, this attack was performed by exploiting a well-known vulnerability within a popular web application. Although this vulnerability had a corrective software patch available, it was not applied to the vulnerable servers. In [...]

Three Reasons to Add a Discovery Phase to Your Next OT Security Assessment

Many of us have accepted that having a 100% accurate inventory of “all the things” (networks, assets, data flows, etc.) is a pipe dream. To put it in NIST CSF terms, if you wait until you master the IDENTIFY function before you do anything in the remaining functions (PROTECT, DETECT, RESPOND, RECOVER), you will likely fail at securing even the most basic environments. So, the condition that Jeremiah Grossman describes in the Tweet below is the reality that we [...]

ICS Cybersecurity: 3 Reasons Why Periodic Technical Assessment (Still) Matters

“Our SCADA communications use AES256 and are 100% secure so we don’t worry too much about security.” That’s a real quote from a real Industrial Control System (ICS) manager from this decade. A technical assessment of that system proved otherwise—there were in fact real cybersecurity vulnerabilities that required immediate and long-term remediation. With all the headlines and activity around cybersecurity for ICS, owners and operators of this technology are challenged to determine what they should be doing to manage their [...]

Practical Steps for Petya Ransomware Protection

You may have heard that there is a new ransomware campaign leveraging the EternalBlue (MS17-10) exploit from the recent Vault 7 leaks. In less than 36 hours, Petya has had a global impact. Initial reports indicate Petya was targeted at banks and power companies in Ukraine. However, it has spread globally, affecting pharmaceutical companies in the UK, oil shipping companies in Russia, multiple companies across North America and Europe, and transport ships operating in international waters. Revolutionary Security has been [...]