Come Join Aerstone at SnowFROC 2013 The Colorado OWASP chapters are proud to present the 5th annual SnowFROC. Join 300 other developers, business owners, and security professionals for a day-and-a-half of presentations, training, and Birds-of-a-Feather (BoaF) sessions. The SnowFROC 2013 keynote speaker is Neal Ziring, Technical Director of InfoProtection at NSA. The conference will occur [...]

It’s been a little over a year and a half ago the FBI seized servers leased by the once predominant file sharing service Megaupload, shutting down roughly 25 petabytes of data. The FBI targeted Megaupload (soon to be re-launched and re-branded as “Mega”) for claims of storing illegally copied material. The FBI did not discriminate [...]

Aerstone is pleased to announce the Aerstone Security Badging program. Companies successfully completing a security assessment may display a security badge on their website and promotional materials. The badge signifies successful completion of a security assessment within the previous twelve months. Security assessments may be focused on a web application/website or on a company and [...]

Network scanning starts as a simple task… nmap -oA target Unfortunately, it quickly turns into a complicated endeavor requiring a combination of automation, manual tuning, intuition, and discipline. Here are a few gotchas we regularly run into and try to solve. Network device – firewall – reports all IPs as active and/or all ports as [...]

This video shows the process of gaining root access to a web server by hacking the web application, performed by Aerstone’s lead penetration tester Curt Stapleton.  The demo covers discovery, mapping the app, defeating the login, elevating privileges, and gaining root access on the web server. Web Application Testing Techniques demonstrated: Port scanning Web App [...]

With Android and Apple both on the rise Research in Motion main clientele are still the ultra road warrior from the 1990s and the government. Beyond those 2 client markets rim has both success and failure overseas with certain countries want to have access to blackberry servers for national security purposes. Recent articles have indicated [...]

Tool Tip:  Metasploit Scanning Waiting for a Nessus scan to finish?  Got spare time between your port scanning and vuln scanning?  You may want to do some targeted scanning using Metasploit’s array of scanning scripts.  Use these scripts to enumerate users, shares, or default settings based on the service you are targeting. If testing a [...]

On June 2nd, 2012 members of the Aerstone Team participated in the American Cancer Society’s (ACS) Relay for Life. The event Consisted of a Relay walk from 6 P.M. to the following morning at 6 A.M. Members of the Aerstone team helped contribute to the ACS fund as well as participated in setting up for [...]

Aerstone’s Micah Tapman participated in a panel discussion on cyber threats at the Utah Cyber Defense Challenge & Symposium on Friday, June 1, 2012. The panel was led by SAIC’s Peder Jungck and included Matt Might, Assistant Professor in Computer Science, University of Utah; Dmitry Dessiatnikov, Principle Consultant, Accuvant, Inc.; and Brandon Greenwood, Director of IT Security and [...]

Government agencies that would like to make the switch from blackberry devices to Iphone and Android not only have to worry about how to manage and certify them, but also which brand loyalty to sign on to. Starting off with android, Google has made it clear that they have wanted to integrate with the government [...]