July 2020: Cybersecurity Roundup

This past month in cybersecurity:

  1. Twitter suffered a major hack on high-profile accounts
  2. Russian hackers targeted COVID-19 vaccine research organizations
  3. The UK planned to bar Huawei from its 5G network
  4. Kentucky’s unemployment system had a 2nd data breach
  5. China suspected of hacking the Vatican

Maintain your Privacy Online

The expression “you can run, but you can’t hide” has never been truer than on the Internet today. Protecting your privacy seems harder than ever with companies like Google and Facebook tracking your every move online and U.S. laws like the Freedom Act giving the government broader access to your browser and search history. And if that isn’t enough, frequent data breaches have resulted in your most sensitive information being made public on the dark web.

It’s not all doom and gloom, though. A variety of companies have dedicated themselves to providing everyday users with the tools they need to protect their right to privacy. In this article, we will walk you through some of the tools that we use to protect our privacy.

Specifically, the tools we will be covering are:

  1. Brave Web Browser (with DuckDuckGo)
  2. NordVPN
  3. Firefox Send (when it comes back…)
  4. Wire
  5. Privacy.com

Note: We are not sponsored by any of these tools and make absolutely no money by endorsing them. We are simply spreading the word about privacy tools we love to use.

Goal

This tutorial aims to walk you through the steps necessary to configure Burp Suite to rotate your IP on every request using AWS API Gateway. While there are other ways to accomplish this task, AWS API Gateway is cheaper and more reliable than other IP rotation services.

Why would you want to rotate your IP? IP rotation can be useful in several scenarios, especially when the host implements IP-based rate-limiting.

For instance, when mounting a brute-force attack against a web application login form using Turbo Intruder (https://portswigger.net/research/turbo-intruder-embracing-the-billion-request-attack), IP rotation allows the attack to continue, even when there is IP-based rate-limiting or lockout.

Another example is when you are attempting to run the Burp Suite Active Scanner, and the target site begins limiting your requests based on your IP address.

By rotating your IP on every request, these issues disappear.

The IP rotation we will configure in this tutorial is based on the Fireprox tool by Black Hills (https://github.com/ustayready/fireprox). We have modified the tool (very) slightly to work better with Burp Suite, but most of the credit goes to the Black Hills team and the individuals they mention in the credit section of their repository (https://github.com/ustayready/fireprox#credit).

By the end of this tutorial, you will be able to make HTTP requests to your target URL in a browser or via Burp Suite, and your IP will rotate transparently in the background on every request.

Let’s dive in!

June 2020: Cybersecurity Roundup

This past month in cybersecurity:

  1. An internal report revealed the CIA had “woefully lax” security policies
  2. Australia suffered several cyberattacks
  3. TikTok might be a trap
  4. Honda was hit hard by attackers
  5. COVID-19 had scammers excited

Taking Remote Work to a Whole New Level

When Bri and I first started Pensive Security in 2017, we knew we wanted to be a company that worked remotely. However, we did not realize how remote our work would be.

In May of 2019, we moved into our new office (a 22’ Airstream Sport towed behind a Toyota Tundra), and “The Hacky Campers” were born. Since then, we have visited 40 states, driven at least 40,000 miles, and delivered over 40 high-quality security tests along the way.

How is this possible? A little foresight and a lot of learning on the go.

With an unanticipated number of people working from home these days, we thought we’d walk you through how we do it and hopefully shed some light on how we are able to run a successful business from anywhere.

How We Got Started

Pensive Security started in 2017 to provide modern cybersecurity services to businesses. Every business owner knows that they should be securing their application or network, but the steps to doing so aren’t always clear.

We recognized that one of the best ways to help businesses quickly identify the weak points in their application or network is to have a vulnerability assessment or penetration test performed. We decided to take the confusion out of security and provide business owners with a clear path to better security.
