Category: Miscellaneous

Vulnerabilities are everywhere. You can be assured your systems have them. There is a good chance the vulnerabilities in your systems may be discovered by an outside party. Do you have internal policies and procedures in place on how to deal with that when it happens? Do you have a public version of that posted? […]

PEN Consultants held its inaugural annual meet-up October 8th – 10th 2021, giving each team member (and their family) the ability to meet each other face-2-face (many for the first time), participate in team-building activities, and give back to the community. Here is a summary of that event. Friday Meeting up at the Neel’s house […]

Throughout most of 2021, we have been increasingly pursued by various business referral partners and investment firms, asking if we would be interested in merging with them or being acquired. This is our boilerplate statement, so as to not have to repeat ourselves. Thanks for reaching out! I don’t think we’re going to be interested […]

On 08 Sep 2021, we utilized Ramsey Solutions’ SmartVestor Pro service to find a firm that could help maximize our investment strategy as both a business and personally. This is a review of our experience with that service. Thank You Thank you to Dave Ramsey and his team for providing this service! We’ve used their ELP service in the […]

17 Sep 2021: Robert Neel of PEN Consultants joined Pete Martin and James Beecham on ALTR’s The Data-Planet to discuss data security challenges and best practices. Source: https://www.linkedin.com/posts/altrsoftware_the-data-planet-this-week-pete-and-james-activity-6844676380626620416-w3Dm If you are interested to know how your network services and web apps would perform against these types of attacks, but you do not have the expertise or resources to do so, contact PEN Consultants today!

An ongoing responsible (but frustrating) vulnerability disclosure with a well-known cybersecurity vendor. After reading through this, please leave your feedback at one of the following polls: The vulnerability risk scores somewhere between a 4.0 and 4.2 on a CVSS calculation (ex. https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N), so not a huge deal. We could certainly develop a working PoC (with time), […]

Here’s a look at the results from our recent effort analyzing GraphQL API endpoints across the web, and the percentage of those endpoints that allowed an unauthenticated user to view the query & data schema. The intent of this article is to address the implications of allowing this schema to be retrieved, similar technologies that […]

This article will demonstrate how to perform a mass collection of all phone records in an enterprise from many popular series of Cisco IP Phones and how to prevent it. Many of the Cisco IP Phone series have a built-in web server that allows users and admins to “view the phone statistics and modify some […]

The Coronavirus outbreak should be taken for what it is, an outbreak that deserves our attention and precautionary measures, but not panic. Notes: A web search similar to “[your country] coronavirus trajectory” will reveal news articles and charts that make it seem the world is coming to an end. Here is an example chart used […]

How confident are you that visitors within your organization are constantly supervised by an employee? How often does an employee fail to properly hand off their escort duties to another employee? This is a solution we came up in response to a recent physical Social Engineering Assessment we preformed for a client. It is an all too […]