Author

 Steve Stasiukonis

Profile of Steve Stasiukonis

News & Commentary Posts: 10
Steve serves as president of Secure Network, focusing on penetration testing, information security risk assessments, incident response and digital investigations. Steve has worked in the field of information security since 1997. As a part of that experience, Steve is an expert in social engineering and has demonstrated actual social engineering efforts involving pretexting, phishing and physically financial institutions, data centers and other highly secure operations and facilities. Steve has contributed to Dark Reading since 2006.
Articles by Steve Stasiukonis

Security's Top 4 Social Engineers Of All Time

5/26/2010
My team here at Secure Network was recently discussing who we considered the best social engineers of all time. My colleagues and I each made a list and defended our candidates based on the creativity, innovation, and the public impact they had made. Here are our final top four social engineers from number four to number one, and why we chose them.

Post a Comment

When Social Engineering Tests Fail

5/18/2010
Our company, Secure Network, has performed numerous security assessments and penetration tests, many of which involved social engineering. That's when we test our clients' employees to see if they adhere to security policies. Even with all of the planning that goes on beforehand, these engagements sometimes can go wrong.

Post a Comment

Using Facebook To Social-Engineer A Business

12/10/2009
My firm was recently asked to compromise a company's network infrastructure using intelligence available from the Internet. The client's CIO was worried that social networking sites provided too much information about its employees and the company, so we discussed the possibility of using information gained from social networking sites to social-engineer our way into the customer's facility and, ultimately, into its network.

Post a Comment

Hacking A Board Meeting

9/14/2009
A client recently asked us to gain access to its facility and attend a meeting of the board and executive management. Here at Secure Network we've been asked to gain access to numerous networks via social engineering techniques, but this job seemed rather unachievable at first. Turns out it was easier than we expected.

Post a Comment

'Kramer' Is In The Building

5/15/2009
My firm, Secure Network Technologies, was recently hired by a large healthcare provider to perform a security assessment. As part of the job, my partner, Bob Clary, posed as an employee, similar to the "Seinfeld" episode in which Kramer shows up and works at a company where he was never actually hired.

Post a Comment

People-Hacking

1/6/2009
My firm was recently hired to perform a network assessment for a fairly large bank. The emphasis on this engagement was circumventing physical controls and gaining access to the bank's internal network infrastructure. As with most financial institutions, we were asked to compromise remote locations (bank branches) and then make an attempt on the main office.

Post a Comment
Election Websites, Back-End Systems Most at Risk of Cyberattack in Midterms
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/14/2018
Intel Reveals New Spectre-Like Vulnerability
Curtis Franklin Jr., Senior Editor at Dark Reading,  8/15/2018
Australian Teen Hacked Apple Network
Dark Reading Staff 8/17/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-15504
PUBLISHED: 2018-08-18
An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. The server mishandles some HTTP request fields associated with time, which results in a NULL pointer dereference, as demonstrated by If-Modified-Since or If-Unmodified-Since with a month greater than 11.
CVE-2018-15505
PUBLISHED: 2018-08-18
An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. An HTTP POST request with a specially crafted "Host" header field may cause a NULL pointer dereference and thus cause a denial of service, as demonstrated by the lack of a trailing ']' character in an IPv6 a...
CVE-2018-15492
PUBLISHED: 2018-08-18
A vulnerability in the lservnt.exe component of Sentinel License Manager version 8.5.3.35 (fixed in 8.5.3.2403) causes UDP amplification.
CVE-2018-15494
PUBLISHED: 2018-08-18
In Dojo Toolkit before 1.14, there is unescaped string injection in dojox/Grid/DataGrid.
CVE-2018-15495
PUBLISHED: 2018-08-18
/filemanager/upload.php in Responsive FileManager before 9.13.3 allows Directory Traversal and SSRF because the url parameter is used directly in a curl_exec call, as demonstrated by a file:///etc/passwd value.