Penetration Testing Findings: Exposed Non-Production Environments

Non-production environments refer to any setup that is used for purposes other than live, operational applications. This includes development, testing, staging, and quality assurance (QA) environments. They are essential for preparing software for production by allowing thorough testing and debugging. A lot of us security minded folks are aware developers standup non prod environments and

IoT Penetration Testing Part 1

IoT Penetration Testing is one of our favorite types of testing here at Brackish Security. This will be the first of a multi-part blog series on embedded device security (the “Internet of Things” or IoT). Our goal is to show how the Brackish security team approaches an IoT pentest, including detailed methodologies and examples.  IoT

MouseJacking (With Flipper Zero): Tales from Pen Testing Trenches

As a continuation in our series of penetration testing stories (who doesn’t love those) we bring you MouseJacking (With Flipper Zero). Check out the first blog post in the series here here. In this engagement, we were successfully able to compromise a network utilizing an old attack vector – MouseJacking. MouseJacking was first brought to

The Ultimate Guide to Protecting Your Business from Phishing Scams

In today’s digital age, cybersecurity is not just a technical necessity but a cornerstone of a successful business strategy. Among the myriad of cyber threats, phishing scams stand out for their cunning simplicity and devastating effectiveness. Phishing attacks manipulate human psychology to steal confidential information, disrupt business operations, and compromise customer trust. This comprehensive guide

Tales from Pen Testing Trenches: MAC Address Whitelisting Failure

MAC address whitelisting is commonly perceived as a foolproof network security mechanism. Yet, Brackish Security’s recent test on a wireless network illustrates how easily this method can be bypassed, challenging its efficacy as a standalone security solution. MAC address whitelisting operates on the premise that only devices with pre-approved MAC addresses can access a network.

Different Types of Penetration Testing: A Comprehensive Guide

Penetration testing, a critical component of cybersecurity, involves evaluating the security of IT systems by simulating cyber attacks. These tests are essential for uncovering vulnerabilities that could be exploited by hackers. This post explores the various types of penetration testing, each targeting different aspects of an organization’s IT infrastructure. Network Penetration Testing: Network penetration tests

Penetration Testing 101: What Every Business Owner Should Know

As the digital landscape evolves, so do the challenges in maintaining robust cybersecurity. For business owners navigating this terrain, understanding the role and significance of penetration testing, commonly referred to as pen testing, is essential. This introductory guide aims to demystify pen testing, explaining what it is, how it’s conducted, and the benefits it offers

Risks of Storing Passwords in BitBucket Repositories

As penetration testers, like SharePoint, (check out our previous blog post here, Bitbucket is a gold mine for credentials. In the dynamic world of software development, tools like Bitbucket are indispensable for version control and collaboration. However, a common yet often overlooked security misstep is the storage of sensitive information, such as passwords, within