It’s that time again. If you weren’t already aware from the campaign calls & emails, the televised debates, and the social media storm, the latest American election is upon us.

Did you know that we’ve just come to the end of National Cybersecurity Awareness Month?

If you’ve ever created payloads for different pen testing or red team projects, you might have run into the problem that comes after bypassing antivirus/endpoint detection and response (AV/EDRs)—after successfully circumventing these, the code and techniques used only works for a few weeks or months before getting flagged as malicious.

If you’re running a business online, you’re likely providing an application program interface (API) on your website that allows your customers or business partners to enter and retrieve data. At Schellman, we primarily see REST-based APIs, but we’ve also tested GraphQL and occasionally SOAP.

Famous detectives throughout history have always been thrown into cases. That’s the nature of their job—the situation to create the case occurred, and it’s up to Sherlock Holmes to follow a trail of clues to determine the solution. When you perform an internal network pen test, the nature of the work is similar, but there are a few things you can do to help these cyber “detectives” maximize your knowledge gained and action items moving forward. Schellman’s Pen Test Team is experienced, and we often get asked to perform this specific type of evaluation. Having gone into these sorts of engagements many times before, we want to share some helpful insight specific to this kind of test.

If you remember Larry King, you might know that during his time at CNN he became a legendary interviewer, having spoken with politicians, celebrities, athletes, and royalty all during his tenure.

In the hit song, Sweet Dreams (Are Made of This), Eurythmics produced a bop that encourages everyone to stay optimistic and to keep working towards their goals.

It was once remarked that “there are no rules of architecture for a castle in the clouds.”