Feb 20, 2020 | Graylog, Incident Response, Logging
Logging Made Easy Through Graylog Part 1 Logging is an important piece of an organization’s security posture. Logging without organization, searchability, or reporting leads to data being missed. This is the start of a long series that VDA Labs is writing on... 
Feb 5, 2020 | AppSec, darkweb, OSINT, Secure Development, Security Conferences, Training Events
Shhgit Your Secrets Are On Internet Github has been an amazing tool for developers and open source software communities across the globe. It allows for developers and users to quickly communicate and for issues to be reported to teams during testing. It has also... 
Jan 15, 2020 | Security, Vulnerabilities
Off With A Bang: Microsoft’s First Patch Tuesday of 2020 is a Doozy Starting 2020 off with a bang, Microsoft has released patches rectifying issues with Window’s CryptoAPI and Remote Desktop Gateway. Both of these services serve critical roles in a... 
Jan 7, 2020 | AppSec, Fuzzing, Security Conferences, Training Events
Recently we spoke about what’s hot in fuzzing. Here are the slides – Using Next Generation Fuzzing Tools. If you’d like help with application security Training or Consulting, we’ve helped so many customers, and would love to help your... 
Dec 10, 2019 | Endpoint Security, Security, Training
VDI as a Security Posture: Keeping Your Data in Your Datacenter Although it is pretty common knowledge that Virtual Desktop Infrastructure (VDI) is not a cost saving measure, one area it can help provide value is in an organization’s security posture. It allows... 
Nov 7, 2019 | Auditing, Endpoint Security, Enterprise Security, OSINT, Pentesting, Training
Low-Hanging Fruit Series: Permissions At VDA Labs we work with a variety of companies both large and small. During our engagements, we see many of the same reoccurring issues that allow us access to systems. To help combat these threats VDA is starting a blog series... 
Oct 31, 2019 | Enterprise Security, Pentesting, Phishing, Security, Social Engineering, Training
Low-Hanging Fruit Series: Multi-factor Authentication (MFA) At VDA Labs we work with a variety of companies both large and small. During our engagements, we see many of the same reoccurring issues that allow us access to systems. To help combat these threats VDA Labs... 
Oct 17, 2019 | Auditing, Enterprise Security, Security, Training
Low-Hanging Fruit Series: Password Security At VDA Labs we work a variety of companies both large and small. During our engagements see many of the same reoccurring issues that allow us access to systems. To help combat these threats VDA Labs is starting a blog series... 
Oct 1, 2019 | Pentesting, Phishing, Social Engineering, Training
Phishing Users using Evilginx and Bypassing 2FA Phishing is one of the largest ways that organizations are being compromised in 2019. The common recommendation is that all users should have two factor authentication (2FA) enabled on their accounts to help combat the... 
Sep 25, 2019 | Enterprise Security, Exploit Development, Pentesting, Vulnerabilities
Objective In an effort to help make us all more secure, VDA decided to release a pentest technique, that we discovered a while ago. We notified Microsoft many months ago of this technique, and they have been a great partner as always, in quickly working to mitigate... 