Scott is currently responsible for the development, and execution of penetration testing at NetSPI. His role includes researching and developing tools, techniques, and methodologies used during network and application penetration tests.
Scott has been providing IT security services to medium sized to Fortune 50 companies for over 10 years. His goal has been to help them identify the risks that exist in their environment, and develop prioritized remediation plans that take into account their business constraints and requirements. As part of that experience Scott has had the opportunity to perform security assessment projects for financial, healthcare, retail, nuclear, manufacturing, and pharmaceutical, organizations.
As an active participant in the information security community, Scott also contributes technical security blog posts, whitepapers, and presentations on a regular basis through NetSPI. NetsPWN: Assessment Services
The goal of this blog is to provide a simple process for testing common breakout scenarios related to applications published via Kiosks, Terminal Services, and Citirx using manual techniques and free tool kits. This should be useful to penetration testers and system administrators alike.
READ POST
NetsPWN: Assessment Services
At some point, all penetration testers get asked, “Where did you learn all this stuff?” In my experience, the question often comes from clients and students interested in pen testing. Usually, they’re asking because they aren’t sure where to start. There are a number of two- and four-year college programs that can provide a nice structured approach, but generally I think penetration testing is like any other skillset; if you find the right resources, a good direction, and study hard, you’ll acquire the skills you’re looking for. However, I will say that it does help to already have a strong IT background.
READ POST
NetsPWN: Assessment Services
Many anti-virus solutions are deployed with weak configurations that provide end users with the ability to quickly disable or work around the product if they wish. This blog will provide a brief overview of 10 issues to watch out for. It should be interesting to administrators looking for basic weaknesses in their current implementations.
READ POST
NetsPWN: Assessment Services
This blog provides a brief overview of SMB Relay attacks and shows how they can be initiated through a Microsoft SQL Server. It will also provide some practical examples that show how to use new Metasploit modules to gain unauthorized access to SQL Servers and other systems during penetration tests.
READ POST
NetsPWN: Assessment Services
In this blog I’ll provide a practical example showing how to use the new authorization bypass and database scraper modules we created to gain unauthorized access to credit card data, social security numbers, and passwords stored in SQL Server.
READ POST
NetsPWN: Assessment Services
For those of you who couldn’t make it to AppSec USA, we’ve put together this blog to provide access to our presentation slides, metasploit modules, and demo videos we released at the conference.
READ POST
NetsPWN: Assessment Services
Unlike previous versions, SQL Server 2008 and 2012 don't provide local system administrators with database administrator rights by default. This was a great idea by Microsoft to reinforce the practices of least privilege and separation of duties. However, in spite of the fact that their heart was in the right place, it was implemented in such a way that any local administrator (or attacker) can bypass the restriction.
READ POST
NetsPWN: Assessment Services
Managing BackTrack R2 via SSH is usually all you need. However, sometimes I like to manage BackTrack from Windows using X11 so that I can also have access to the desktop. In this blog, I’ll show you how to do the same using SSH, PuTTY, and Xming.
READ POST
NetsPWN: Assessment Services
I know that a lot of people have been exposed to ping and port scan discovery techniques, but on large networks those methods alone can be pretty time consuming. So in this blog I thought I would provide some time saving options that can be used in conjunction with the traditional methods.
READ POST
Solutions
Services
About NetSPI
Contact Us
Copyright ©2012 NetSPI Inc. All rights reserved