Behind the Firewall ft. Suzette Corley

by Morgan Prost / May 22, 2026

A breach notification policy doesn't have to be complex, but it does have to exist. During a recent privacy audit, one of our auditors, Suzette Corley, asked a simple question: “What’s your breach notification process?” The answer? Silence. Followed by: “We’d figure it out if something happened.” That’s more common than you think. Many companies assume they’ll improvise when a breach occurs. But when the clock starts ticking, improvisation becomes…

Behind the Firewall ft. Stu Skove

by Morgan Prost / May 21, 2026

Sometimes the biggest threats are the ones you can't see. During a recent penetration test, Stu Skove uncovered a vulnerability that shows how a single unsanitized parameter can collapse the line between app security and full infrastructure compromise. At first glance, the app looked solid—no obvious issues. But deep in a file download workflow, two parameters were passing user input straight to the OS. The danger? It was blind. No errors,…

Behind the Firewall ft. Brian Lowe

by Morgan Prost / May 21, 2026

Don't just trust the tools. Sometimes, the best finds come from slowing down and asking, “what’s really happening here?” While reviewing how a web application responded to user input, KP’s Senior Penetration Tester, Brian Lowe, noticed something subtle… but it was just enough to warrant a closer look. Instead of relying only on automated tools, he crafted a custom payload by hand. That extra step revealed a cross-site scripting (XSS) vulnerability…

Behind the Firewall ft. Mark Dube

by Morgan Prost / May 21, 2026

In the worst-case scenario, if any user within the organization were compromised, all of this sensitive information could be leaked externally. During a recent internal penetration test, Mark uncovered a critical security gap that the client was completely unaware of. While performing network enumeration using a custom file share enumeration tool, he discovered several SMB shares that were accessible to all users without any restrictions. These shares contained over 30,000 files, the…

Behind the Firewall ft. Joseph Kirkpatrick

by Morgan Prost / May 21, 2026

Audits are hard, but we make sure it's worth it. Not everyone loves audits, but the right experience can change everything. Joseph Kirkpatrick recently spoke with a new client who had already signed on after meeting him at a roundtable. During their first call, the client admitted he’d never had a good experience with auditors. He didn’t think highly of them, and frankly, he hated audits. Joseph told him this…