what i do?

Am an Information Risk Consultant and Penetration Tester, i specialize mostly in penetrating secure networks/computer systems where i simulate an organized professional attack against your organization, where after that a detailed report with weakness and exploited vectors are summarized. This will help you gain control over your infrastructures security and maximize your protection.

Thursday, October 07, 2010

playing tigerteam at the end of SecureICT talks

Tigerteam, a TV show about pentesting, released back into 2007 was screened at SecureICT conference on 6th, in the evening. Tigerteam, composes of Nickerson Chris, Ryan Jones and Luke McOmie, shows them break into targets they are hired to by their clients. Attacks include exploitation of Human vulnerability, technological attacks, physical attacks etc.



Tuesday, October 05, 2010

Bad Security Service adds up sum to Losses after a threat succeeds

One funny thing i have learned is that several Security Vendors dont really test security effectively even when contracted to do so. Others may say its more of jurisdiction purposes or the scope, but i think if you are paid to minimize risks for a corporation you should do it at the best value possible.

This comes to the topic pentest. A lot of the vendors don't understand what pentest is and thus, that affects their clients, so leaving them at a greater risk due to the fact they leave, telling them they are secure and so letting them, let gaurd down.

One of the Pentest report i got hold of was explaining how there were open ports which they dint or were not able to exploit but had holes as seen from a scanner. To keep it short, should a pentest report have False positives. No, its should have info on entries that were used to get into the target.

They problem is that the above may require a team which is qualified, talented, intelligent and advanced in the field. Lemmie know your thoughts