Month: September 2017


Exposing Tanium: A Hacker’s Paradise

Tanium has gained much popularity in the past few years. Those jumping on the Tanium train need to beware. If your company uses Tanium, your data is at high risk, IMO. Their “peer chain” model, and the lack of encryption of that data, are insecure and should not be trusted. This article is about Tanium: […]


Local Admin on X -> Local Admin on All?

If an attacker gains local admin on endpoint X in a corporate environment, is it safe to assume they can laterally move to any endpoint in the environment at will? Factually speaking, the answer is no! That scenario is only true in a minority of cases. Here are a few common scenarios in which one […]


Breaking My Silence

It has been 3.5 years since I left the NSA. While working there, I could not publish anything of value. Because of all of the OpSec ingrained in me, I have shied away from publishing my research, findings, and discoveries the past few years. Attending Derbycon 2017 helped to finally break my OpSec shell. One […]