Category: Miscellaneous

There is a HUGE difference between a pentest’s price and a pentest’s cost. You can easily find "pentests" online for a low price - sometimes as little as $2000. But, those cheap "pentests" often come with a high cost. The methodology of those cheap "pentests" is shoddy and often misses entire classes of vulnerabilities. Those […]

There’s a 62.8% chance your organization is using WordPress to manage its website if using a CMS (according to wpzoom.com). This market share dominance is one of the reasons it is highly targeted by hackers. Another reason WordPress is targeted and compromised often is relatively poor default security. Here are some tips to secure the […]

This is one of the most common questions we hear from clients during kick-off meetings. Maybe you have heard it or asked it yourself… The question is: What is your pentesting methodology? Most pentesting firms provide vague, high-level answers to this question. We don’t. Not only do we provide a detailed response during the kick-off, […]

The book of John says a good shepherd knows his sheep and his sheep know him. In cybersecurity, SMB Signing is similar to the shepherd-sheep relationship by verifying the identity of those connecting to your network shares, thus preventing Information Disclosure, MiTM attacks, spoofing, replay, data corruption, and more! SMB signing, present in the Server […]

When was the last time you reviewed your email security settings? If you are like most people, it probably isn’t recently. And yet, if not properly configured, an attacker could potentially spoof your email domain and send email messages to employees, or even clients, that appear to be coming from your email service! One configuration […]

Our unique approach sets us apart - former NSA experts on every engagement ensuring quality, compliance, and unparalleled results. See why our clients continue to choose us after experiencing our superior quality. Source: https://www.youtube.com/watch?v=B5S2Df7SPeM VIDEO TRANSCRIPT INTERVIEWER QUESTION:What specifically makes you unique compared to other firms in terms of experience?ROBERT:Well, with our Nation-state-level hacker experience…It’s […]

Wondering if your cybersecurity provider puts your security first? Ask for a list of dropped vendors due to security flaws. Their response will speak volumes about their priorities!

Discover a new standard in offensive security! This video highlights PEN Consultants' Experience, Transparency, and Values - all of which make us unique. Source: https://www.youtube.com/watch?v=lZCmRKtIHaU VIDEO TRANSCRIPT

Don't underestimate the risks of known vulnerabilities. They could have extreme consequences, including, but not limited to, defacement of content, serious brand reputation issues, inclusion of malware and links to malware, ransomware, data breaches, etc. Example patch time policies: It is understood that patching, on occasion, can have unintended availability side effects. Nevertheless, it is […]

King Solomon said, "A cord of 3 strands is not easily broken." In cybersecurity, authentication using an unpredictable username convention, strong password policy, and securely configured MFA cannot easily be compromised. Usernames: Password Policy: MFA: Featured image is a derivative work from the following images: https://pixabay.com/photos/rope-knot-string-strength-cordage-3052477/