What are Default Credentials? A Penetration Tester's Best Friend!

While organizations focus on patching vulnerabilities, updating software, and training staff, one of the most overlooked yet dangerous entry points remains default credentials. These seemingly harmless username and password combinations are a hacker’s golden ticket into your network, and potentially to its destruction. Unfortunately, default credentials are something we see on every. single. engagement. The […]

Part 1: Understanding the Basics of Penetration Testing

To stay one step ahead of cybercriminals, proactive measures are necessary. One of the most effective tools in your cybersecurity toolkit is a penetration test (pen test). This blog post is the first in a series designed to guide you through the penetration testing process from start to finish. We’ll start by covering the basics—what […]

Physical Penetration Testing: Why Every Company Should Prioritize It

In an era dominated by digital transformation, businesses are more focused than ever on securing their online assets. Cybersecurity measures such as firewalls, antivirus software, and encryption protocols are essential, but one often overlooked aspect of comprehensive security is physical penetration testing. What Is Physical Penetration Testing? Physical penetration testing involves simulating a real-world attack […]

DIY Penetration Testing

With cyber threats becoming increasingly sophisticated, companies, regardless of their size, need to ensure their networks and systems are secure. However, many small to medium-sized businesses (SMBs) operate on limited budgets, making it challenging to allocate significant resources toward comprehensive security measures. One solution for these companies is to adopt a DIY approach to penetration […]

Red Teaming vs. Penetration Testing

In the realm of cybersecurity, both red teaming (also known as adversarial simulation) and penetration testing play crucial roles in identifying vulnerabilities within an organization’s digital infrastructure. While these terms are often used interchangeably, they represent distinct methodologies with unique objectives. Understanding the differences between red teaming and penetration testing is essential for organizations aiming […]

Penetration Testing Findings: Exposed Non-Production Environments

Non-production environments refer to any setup that is used for purposes other than live, operational applications. This includes development, testing, staging, and quality assurance (QA) environments. They are essential for preparing software for production by allowing thorough testing and debugging. A lot of us security-minded folks are aware that developers stand up non-prod environments and […]

MouseJacking (With Flipper Zero): Tales from Pen Testing Trenches

As a continuation of our series of penetration testing stories (who doesn’t love those), we bring you MouseJacking (With Flipper Zero). Check out the first blog post in the series here. In this engagement, we were able to compromise a network utilizing an old attack vector – MouseJacking. MouseJacking was first brought to […]

The Ultimate Guide to Protecting Your Business from Phishing Scams

In today’s digital age, cybersecurity is not just a technical necessity but a cornerstone of a successful business strategy. Among the myriad of cyber threats, phishing scams stand out for their cunning simplicity and devastating effectiveness. Phishing attacks manipulate human psychology to steal confidential information, disrupt business operations, and compromise customer trust. This comprehensive guide […]

Tales from Pen Testing Trenches: MAC Address Whitelisting Failure

MAC address whitelisting is commonly perceived as a foolproof network security mechanism. Yet, Brackish Security’s recent test on a wireless network illustrates how easily this method can be bypassed, challenging its efficacy as a standalone security solution. MAC address whitelisting operates on the premise that only devices with pre-approved MAC addresses can access a network. […]

Different Types of Penetration Testing: A Comprehensive Guide

Penetration testing, a critical component of cybersecurity, involves evaluating the security of IT systems by simulating cyber attacks. These tests are essential for uncovering vulnerabilities that could be exploited by hackers. This post explores the various types of penetration testing, each targeting different aspects of an organization’s IT infrastructure. Network Penetration Testing: Network penetration tests […]

Penetration Testing 101: What Every Business Owner Should Know

As the digital landscape evolves, so do the challenges in maintaining robust cybersecurity. For business owners navigating this terrain, understanding the role and significance of penetration testing, commonly referred to as pen testing, is essential. This introductory guide aims to demystify pen testing, explaining what it is, how it’s conducted, and the benefits it offers […]

Risks of Storing Passwords in Bitbucket Repositories

As penetration testers, we find that Bitbucket, like SharePoint (check out our previous blog post here: https://brackish.io/the-risks-of-storing-passwords-in-sharepoint), is a gold mine for credentials. In the dynamic world of software development, tools like Bitbucket are indispensable for version control and collaboration. However, a common yet often overlooked security misstep is the storage of sensitive information, such as passwords, within […]

The Risks of Storing Passwords in SharePoint

In the era of increasing cyber threats, the security of sensitive information has become paramount for organizations of all sizes. SharePoint, a widely used platform for collaboration and information management, is not immune to these concerns. A particularly alarming issue is the storage of passwords in SharePoint, which, if not managed properly, can lead to […]

Another OSCP Blog Post

First, what is the OSCP? If you are ever curious about what it takes to become an ethical hacker, you will most likely find yourself googling “How to become a hacker”. Within your research, it doesn’t take long to read countless blogs and forums that point to the OSCP certification, by Offensive Security. As many […]

Common IoT Device Vulnerabilities in 2023

We made a list of common IoT device vulnerabilities we discovered during the year of 2023! Understanding common vulnerabilities in IoT devices is crucial for both consumers and manufacturers to ensure the safety and privacy of users. In this blog post, we’ll explore these vulnerabilities and discuss measures to mitigate them. Common Vulnerabilities in IoT […]

The Importance of Comprehensive IoT Penetration Testing in Modern Cybersecurity

IoT Penetration Testing is needed in today’s dynamic landscape of the Internet of Things (IoT), where everyday devices are interconnected and smarter than ever. Comprehensive IoT Penetration Testing emerges as a crucial strategy for businesses and individuals alike to fortify their digital frontiers. This blog post delves into the why and how of thorough IoT […]

Shodan Series Part 2: The Untraditional Web Ports

Our goal in this series is to revisit Shodan and demonstrate to IT admins and business owners how much an attacker can glean about a network without sending a single packet to the organization itself. Our last post focused on Remote Desktop Protocol being exposed to the publicly accessible internet: https://brackish.io/shodan-series-part-1-the-accidental-open-door/ This week we […]

The Power of Password Complexity

In the constantly evolving landscape of cybersecurity, two factors consistently play pivotal roles in safeguarding digital assets: password complexity and regular penetration testing. At Brackish Security, we’ve seen firsthand how these elements work in tandem to fortify defenses against cyber threats. The Importance of Password Complexity In an age where data breaches are increasingly common, […]

Not All Penetration Tests Are Created Equally

In the dynamic world of cybersecurity, penetration testing (pen testing) has become a cornerstone for businesses seeking to fortify their defenses against cyber threats. However, it’s crucial to understand that not all Penetration Tests are created equally. At Brackish Security, we believe in enlightening our clients about these differences, ensuring they can make informed decisions […]

Shodan Series Part 1: The Accidental Open Door

We wanted to create this blog series to highlight how important regular penetration testing is and how it effectively reduces risk. This week we will focus on port 3389, traditionally used for Windows Remote Desktop Protocol (RDP), which allows users to access their desktop over a network connection. It’s like leaving the keys in the […]

Penetration Testing for Small Businesses: Why It’s Crucial and How to Get Started

In today’s digital age, where online transactions and interactions form the backbone of most businesses, cybersecurity has emerged as a paramount concern. For small businesses, especially, navigating the vast and often murky waters of cybersecurity can seem daunting. Yet, the need for such endeavors has never been more pressing. A concerning statistic reveals that a […]

What is the Difference Between Vulnerability Assessments and Penetration Testing?

In the ever-evolving world of cybersecurity, businesses often come across terms like ‘vulnerability assessments’ and ‘penetration testing’. While they might seem interchangeable to the untrained eye, they serve distinct purposes. Both are critical components of a comprehensive security strategy, but they approach the task of safeguarding a network from different angles. Let’s dive into the […]

AI-Enhanced Reconnaissance: Fueling Sophisticated Security Breaches

The dawn of the digital age has led to a constantly evolving cat-and-mouse game between cybercriminals and those working to thwart their malicious intents. While we’ve seen significant advancements in defensive cybersecurity mechanisms, attackers are also leveraging cutting-edge technology to up their game. One such tool in their arsenal is Artificial Intelligence (AI). In particular, […]

Does Affordable Penetration Testing Exist?

Affordable Penetration Testing: A Necessity, Not A Luxury In today’s interconnected world, it’s not a question of if your business will face a cyber threat, but when. As cyber threats continue to evolve, businesses of all sizes find themselves in the crosshairs of potential attacks. But for small and medium-sized enterprises (SMEs), the idea of […]

Unmasking the Shadows: The Unseen Vulnerabilities Within Your Walls

Prior to reading this, please check out a previous blog of ours on how important an external penetration test is. Hey there, security enthusiasts and curious minds alike! Today, we are taking a deep dive into a topic that’s often buzzing around but isn’t always entirely understood – yes, we’re talking about Internal Penetration Testing […]

Beyond the Breach: The Essential Role of Regular Penetration Testing in Safeguarding Organizational Reputation

In today’s interconnected world, cyber resilience is not just about protecting data but is closely tied to an organization’s reputation and trustworthiness. A cyberattack doesn’t only translate to financial losses but can significantly tarnish a company’s image. A case in point is the recent cyberattack on Clorox, emphasizing the imperative of preemptive measures, particularly regular […]