contact us

Finding and Patching the Microsoft ‘BlueKeep’ Vulnerability (CVE-2019-0708)

This past week a serious vulnerability that affects some older versions of Windows, CVE-2019-0708, was disclosed for which Microsoft has produced a patch. This vulnerability in Remote Desktop Services (aka Terminal Services) could allow an...

Quantifying Data Risk in Health Care

Article written by: Joseph Weinberg (Board Member, TimiCoin/TimiHealth) and Sean Murphy (Vice President, Chief Information Security Officer, Premera Blue) The health-care industry has long been subject to rules about the protection of patients’...

read more

Quantifying Enterprise Technology Risk

Methods for Quantifying Technology Risk Article written by: Eric Vanderburg (Vice President, Cybersecurity, TCDI), Koushik Subramanian (CISO - UI Labs and Director Of Manufacturing Cybersecurity - DMDII, UI LABS), Vito Sardanopoli (Principal and...

read more

Rating Criticality of Data Assets

Article written by: Genady Vishnevetsky (Chief Information Security Officer, Stewart Title), Cory Missimore (Assistant Manager, Information Security, Bloomberg BNA), and Bradley Schaufenbuel (CISO, Paylocity)There are no standard methods for...

read more

Rating Criticality of Technology Assets

Article written by: Thomas Dugas (CISO, Duquesne University) and Doug McDorman (Principal Security Architect, T-Mobile)A key task of any cyber-risk assessment is determining which technology assets are most important to the business. The most...

read more

Cyberthreat Risk Modeling and Scoring

Article written by: Nir Yizhak (CISO & DPO, Gigya) and Antonio D’Argenio (Security Architect, Tech Data Corporation)Indentifying and quantifying cyber-risk are essential for effective risk prioritization. Risk scoring not only helps identify...

read more

DEF CON 26 and DerbyCon 2018 Blog and Video

Demystifying MS17-010: Reverse Engineering the Eternal Exploits MS17-010 is the most important patch in the history of operating systems, fixing remote code execution vulnerabilities in the world of modern Windows. The ETERNAL exploits, written...

read more

Koadic: New Features and Video Demonstration

Koadic, or COM Command & Control, is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host...

read more
Prioritize Your Remediation Across a Growing Attack Surface