Tevora, a leading provider of security, governance and compliance solutions, announced the launch of a free, open-source penetration testing tool, SecSmash. The tool, first teased at the information security conference BSIDES in July, was designed for security teams, namely penetration testers, and is intended to support existing security systems.
Organizations face many cybersecurity challenges today, one being how to prevent attackers from using their own security products against them. Often, the poor deployment of a product can leave critical pieces of infrastructure unprotected. Weak passwords or a failure to use two-factor authentication can leave exposed the very security products intended to protect an organization. The SecSmash framework turns centralized management, monitoring and security tools into command and control (C2) infrastructure, helping penetration testers identify any such weaknesses so they can be corrected before an attacker poses a threat. Attackers frequently use the C2 approach to commandeer security systems.
“SecSmash enables penetration testers to use this same C2 approach to better assess the risk of an organization’s security system,” said Lead Penetration Tester and SecSmash designer, Kevin Dick. “This tool is the result of the shared knowledge of the penetration testing community, and we wanted to give back.”
Availability and Supporting Technology
SecSmash is available free of charge on GitHub. Its modular framework allows for integration with any available technology solutions. Additional details about the tool can be found on the Tevora Threat Blog.
Tevora is an enterprise consulting firm specializing in information assurance, governance and compliance services and solutions. We work with some of the world’s leading companies, institutions and governments to ensure the safety of their information and their compliance with applicable regulations. With a distinctive combination of proven products and services, Tevora aids enterprises in protecting their most important assets from external and internal threats.