Archive

June 20, 2024 TL;DR: Compromise of an SCCM administrator account can easily lead to compromise of every machine managed by SCCM.

May 2, 2024 Authors: Marshall Price and Connor Dowling TL;DR: SCCM Network Access Accounts (NAA) are frequently used despite being associated with several attack primitives.

March 28, 2024 Author: Marshall Price, Senior Security Consultant TL;DR: The following conditions can lead to compromise of the SCCM client push account and SCCM machine account.

August 1, 2023 Penetration testing, or pen testing, is a critical strategy for boosting an organization’s cybersecurity profile.

Published August 2023 Penetration testing is a crucial component of any organization’s cybersecurity strategy.

December 8, 2022 The PCI DSS requires that all assessed entities develop and maintain a penetration testing methodology.

October 20, 2022 For the past 25 years, I have been working with Operational Technology (OT), and for the last 10 I have been solely focused on the security side of OT.

October 6, 2022 Penetration testing (pen testing) remains largely the same in PCI version 4.0 as it was intended in PCI version 3.2.1, but the explanation of the intent is clarified.

Many organizations straddle the barrier between two different worlds: the Operational Technology (OT) world of physical machinery, manufacturing systems, SCADA, medical devices, and industrial equipme…

September 9, 2022 Understanding Vulnerability assessment, penetration testing, and attack simulations requires a better understanding of who will be using the results and for what goals.

The process of penetration testing, otherwise known as pen testing, involves imitating an assault on a system or network to discover susceptibilities and shortcomings that may be utilized by hackers.