Even a large professional security company like FireEye got hacked the other day by what was claimed to be a nation-state (fire eye breach statement). This hack is a clear example that anyone is vulnerable, and requires adequate hack detection and hack prevention. FireEye had their security detection well in place, which resulted in them […]
Hackers and cyber criminals are going after your online servers, 24 hours a day 7 days a week. They run automated scripts and tools to break into your website. They want to steal your customer data and try to bribe you with this data. You can stay ahead of the game and find out where […]
Did you know that within 5 minutes after a server or website is online, automated attacks start trying to break in? Yes, really! Within 5 minutes, the first attacks happen on your website! You can stay ahead of the game and find out where your weak spots are! Use the onlinehackscan.com services and identify security […]
This article reflects not only how I like to do bug bounty programs, but also how I approach most of my normal penetration tests, red teams or web security assessments. It works well for me and many clients I’ve served have been helped by it. It might very well be not your exact style. I try to show here the […]
One of the topics that came along during my call for subjects was that of preparations for courses, especially the time management part when having a full time job or being a student. I understand where this comes from, I’ve had similar doubts in the past myself. Many courses seem massively large and look like an unclimbable mountain or […]
On a day to day basis I get asked why companies should care more about red teams. Often within the same sentence it is stated that a standard penetration test is sufficient and that other forms of offensive security assessments aren’t needed “because everything is covered already” or “else it might break” One thing I’ve […]
Why People Matter Most? Security is not about Technology. I’m a big advocate of this statement and pose it anywhere I possible can. Why? Because nowadays the security vendor landscape seems to be all about the holy grail and “nextgen 2.0” products. What is missing is the core foundation of people making mistakes, all day, […]
Introduction to the Incident Recently we where notified by a large international company of an incident in one of its sites in the US. The incident resulted in the spread of the computer worm QakBot.T onto an estimate of 160 workstations and laptops inside one of the network sites of the client. The computer-worm created […]
This is a story that i have to tell; it’s impossible to ignore. I spend a couple of days of my time talking to one of the largest companies in the world… They have been looking for ethical hackers / security consultants or whatever you want to call it, so I was introduced by a head hunter […]
Easily two-thirds of the value of any given web vulnerabilities assessment comes from the use of automated web vulnerability scanners. At least that’s been my experience. I certainly don’t have the knowledge – or the time – to manually track down every single flaw on every single page of all the applications that are tested […]
