Categories
vlogs

Phishing Problems

Many organisations consider performing phishing tests against their own staff; whilst this can be a great way to determine your risk exposure and to determine the effectiveness of security awareness training, it can actually introduce problems into your security strategy too. In this episode I talk about a few common issues with company phishing campaigns.

Physical Access PenTesting

In my job as a security tester I often have the weird task of physical access penetration tests. That’s breaking into buildings for a living. So here I give a little introduction to what they are and some of the aims customers have when they procure a test of this nature. Whether it involves lock-picking or social engineering, it’s a weird job.

PenTesting v RedTeaming

Red Teams are a romanticised part of security testing, and whilst red team engagements are usually amongst the most fun to deliver, being fun to deliver doesn’t mean they’re always the most effective from a security point of view. A lot depends on the target organisation’s maturity, defensive capability, and engagement goals.

Downloading More RAM (and other Cloud benefits!)

In this episode I talk a little about hash-cracking with AWS and pushing more workloads to the cloud! In particular I mention using p3.16xlarge instances on AWS with Hashcat to get some serious cracking speeds – like 680 GH/s for NTLM! They are expensive at $18,000 per month – but using spot instances and running workloads for only a few hours can get the job done without spending a fortune; especially when compared to my ageing Thinkpad X260…

Vuln Scanning v Pen Testing

In this episode I talk a little bit about what vulnerability scanning is, and how it’s different to Penetration Testing – and whether you need both. I also added a few more details here: https://gracefulsecurity.com/vulnerability-assessments-vs-penetration-tests/

Breaking into Security

How to become a Penetration Tester? Well, I talked a little bit about different paths into security testing! I also added a few more details here: https://gracefulsecurity.com/becoming-a-penetration-tester/