BSidesJXN 2017 – Improving Vulnerability Management

Posted on November 13th, 2017

BreakPoint Labs engineers had a great time this past weekend at BSidesJXN 2017 held at the Bomgar facility in Jackson, MS. Our engineers gave a talk titled “Adding Pentest Sauce to Your Vulnerability Management Recipe” – all about improving vulnerability management based on Red Team tips and tricks. BSidesJXN is a great example of why […]

Adding Pentest Sauce to your Vulnerability Management Recipe

Posted on August 6th, 2017

One question we get after performing a penetration test is “Why didn’t I see some of these vulnerabilities during our monthly vulnerability scans?” The truth of the matter is many flaws that both attackers and pentesters exploit do not typically show up in a Nessus, Nexpose, or [insert-vuln-scanner-name-here] scan. Most senior penetration testers and attackers […]

BreakPoint Labs Awarded GSA IT Schedule 70 Contract for Highly Adaptive Cybersecurity Services

Posted on February 22nd, 2017

  Falls Church, VA – BreakPoint Labs (BPL), a Metropolitan Washington DC-based certified small business and cybersecurity services provider, is proud to announce their award of a General Services Administration (GSA) Schedule 70 contract. Included in the five (5)-year base, up to twenty (20)-year, contract are four (4) new Highly Adaptive Cybersecurity Services (HACS) Special […]

Bsides Philly 2016: Finding A Company’s BreakPoint

Posted on February 15th, 2017

BSides Philly is an information security conference that’s a volunteer organized event, hosted by and for the community, with a goal of advancing knowledge among security engineers.  The conference was held on December 2nd and 3rd 2016 at the Drexel University Creese Student Lounge. Finding A Company’s BreakPoint The goal of this talk is to […]

5 Ways We Get on Your Network: Relaying SMB Credentials

Posted on February 1st, 2017

Once your on an internal network your next thought maybe how can I man in the middle (MITM) systems on the network? OR How can I identify vulnerabilities in what appears to be a fully patched environment across systems? One way that often works while performing an internal pentest is to intercept broadcast protocols like […]

5 Ways We Get on Your Network: Multicast Name Resolution Poisoning

Posted on October 31st, 2016

We find that a majority of the time internal networks allow for credentials to be passed between systems via name resolution traffic such as the Link-Local Multicast Name Resolution (LLMNR) and Netbios Name (NBT-NS) services. By listening, intercepting and manipulating name resolution traffic an attacker can redirect authentication traffic to the attacker’s machine in a […]