It’s that time again. If you weren’t already aware from the campaign calls & emails, the televised debates, and the social media storm, the latest American election is upon us.

Did you know that we’ve just come to the end of National Cybersecurity Awareness Month?

If you’ve ever created payloads for different pen testing or red team projects, you might have run into the problem that comes after bypassing antivirus/endpoint detection and response (AV/EDRs)—after successfully circumventing these, the code and techniques used only works for a few weeks or months before getting flagged as malicious.

If you’re running a business online, you’re likely providing an application program interface (API) on your website that allows your customers or business partners to enter and retrieve data. At Schellman, we primarily see REST-based APIs, but we’ve also tested GraphQL and occasionally SOAP.

If you find yourself wondering what exactly an internal network penetration test is and whether or not your organization needs one, then you're in the right place. Many businesses invest heavily in external security but unknowingly remain vulnerable from the inside. That’s where internal pen tests come in handy. Yet despite their proven ability to help strengthen your overall security posture among numerous other notable benefits, it can be difficult to know where to start.

If you remember Larry King, you might know that during his time at CNN he became a legendary interviewer, having spoken with politicians, celebrities, athletes, and royalty all during his tenure.

In the hit song, Sweet Dreams (Are Made of This), Eurythmics produced a bop that encourages everyone to stay optimistic and to keep working towards their goals.

It was once remarked that “there are no rules of architecture for a castle in the clouds.”