<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Blog on Penetration Testing &amp; Security Audits | VidraSec</title><link>https://www.vidrasec.com/blog/</link><description>Recent content in Blog on Penetration Testing &amp; Security Audits | VidraSec</description><generator>Hugo</generator><language>en</language><atom:link href="https://www.vidrasec.com/blog/index.xml" rel="self" type="application/rss+xml"/><item><title>How Much Does a Penetration Test Cost?</title><link>https://www.vidrasec.com/blog/penetration-test-cost/</link><pubDate>Wed, 08 Jul 2026 00:00:00 +0000</pubDate><guid>https://www.vidrasec.com/blog/penetration-test-cost/</guid><description>&lt;p&gt;&amp;ldquo;What does a pentest cost?&amp;rdquo; is the question I get asked the most, and the honest answer is always &amp;ldquo;it depends.&amp;rdquo; That&amp;rsquo;s not a dodge. A pentest is billed by effort, not sold as a fixed product, so the real question underneath it is what decides how much effort a given project actually needs. This post explains exactly that.&lt;/p&gt;</description></item><item><title>VidraCrypt: Zero-Knowledge File Sharing in the Browser</title><link>https://www.vidrasec.com/blog/vidracrypt/</link><pubDate>Mon, 06 Jul 2026 00:00:00 +0000</pubDate><guid>https://www.vidrasec.com/blog/vidracrypt/</guid><description>&lt;p&gt;During a pentest, I regularly need to send clients things they really don&amp;rsquo;t want lying around in an inbox: the final report, extracted credentials, a dump used as proof for a finding. Email and generic file sharing tools are a bad fit for that. So I built &lt;a href="https://github.com/VidraSec/VidraCrypt" target="_blank" rel="noopener noreferrer"&gt;VidraCrypt&lt;span class="sr-only"&gt; (opens in a new tab)&lt;/span&gt;&lt;/a&gt;, a small open-source tool that decrypts files entirely in the browser, with the server never seeing the passphrase or the plaintext.&lt;/p&gt;</description></item><item><title>Pentest Provider Checklist for DACH SMBs</title><link>https://www.vidrasec.com/blog/pentest-provider-checklist-dach-smb/</link><pubDate>Sat, 13 Jun 2026 00:00:00 +0000</pubDate><guid>https://www.vidrasec.com/blog/pentest-provider-checklist-dach-smb/</guid><description>&lt;p&gt;Choosing a penetration testing provider is hard when you are not a security specialist yourself, which is the situation most SMBs are in. The market is full of confident sales pitches, and the difference between a genuinely useful test and an expensive compliance checkbox is not obvious from a brochure. This checklist gives you the specific questions to ask and what good answers sound like.&lt;/p&gt;</description></item><item><title>What a NIS2-Ready Pentest Looks Like for a 50 to 500 Person Company</title><link>https://www.vidrasec.com/blog/nis2-ready-pentest-smb/</link><pubDate>Thu, 11 Jun 2026 00:00:00 +0000</pubDate><guid>https://www.vidrasec.com/blog/nis2-ready-pentest-smb/</guid><description>&lt;p&gt;NIS2 has pulled thousands of mid-sized companies into a compliance regime they never had to think about before. If you run IT at a 50 to 500 person company in the DACH region, you have probably been told you need to &amp;ldquo;do something about NIS2,&amp;rdquo; and that a penetration test is part of it. This article explains, plainly, what a NIS2-ready pentest actually looks like and what auditors expect to see.&lt;/p&gt;</description></item><item><title>Boutique Single-Operator Pentest vs. Large Firm vs. PTaaS: How to Choose</title><link>https://www.vidrasec.com/blog/boutique-vs-large-firm-vs-ptaas/</link><pubDate>Tue, 09 Jun 2026 00:00:00 +0000</pubDate><guid>https://www.vidrasec.com/blog/boutique-vs-large-firm-vs-ptaas/</guid><description>&lt;p&gt;You need a penetration test, and the market offers three very different shapes of provider: the boutique single operator, the large security firm, and the PTaaS platform. They are priced differently, they deliver differently, and they are not interchangeable. This guide compares them on the factors that actually change the outcome.&lt;/p&gt;</description></item><item><title>Phishing Defense: Why Awareness Training Is Not Enough (And What to Do Instead)</title><link>https://www.vidrasec.com/blog/phishing-defense-beyond-awareness-training/</link><pubDate>Mon, 08 Jun 2026 00:00:00 +0000</pubDate><guid>https://www.vidrasec.com/blog/phishing-defense-beyond-awareness-training/</guid><description>&lt;p&gt;&lt;a href="https://www.vidrasec.com/services/security-awareness-training/"&gt;Security awareness training&lt;/a&gt; is valuable. Recognizing suspicious emails, questioning unexpected login requests, and knowing what phishing looks like: all of that makes attacks harder.&lt;/p&gt;
&lt;p&gt;But here&amp;rsquo;s the honest truth: with enough effort, anyone can be phished. I run simulated phishing campaigns for clients regularly as part of &lt;a href="https://www.vidrasec.com/services/cyber-attack-simulation/"&gt;Cyber Attack Simulation&lt;/a&gt; engagements, and I have never failed to catch at least a few users, no matter how good their training is.&lt;/p&gt;</description></item><item><title>The Penetration Testing Buyer's Guide: Scope Right, Spend Smart</title><link>https://www.vidrasec.com/blog/penetration-testing-buyers-guide/</link><pubDate>Tue, 02 Jun 2026 00:00:00 +0000</pubDate><guid>https://www.vidrasec.com/blog/penetration-testing-buyers-guide/</guid><description>&lt;p&gt;You&amp;rsquo;ve decided you need a penetration test. Good call. But before you sign a proposal, there&amp;rsquo;s a lot that can go wrong: wrong scope, wrong methodology, wrong expectations. The result is a report that collects dust and a budget that got wasted.&lt;/p&gt;
&lt;p&gt;This guide is written for the people buying pentests, not the people running them. It covers what a pentest actually is, when to do one, what to expect, and how to avoid the most common and expensive mistakes.&lt;/p&gt;</description></item><item><title>Bypassing BitLocker Without a Screwdriver: bitpixie and What You Can Do About It</title><link>https://www.vidrasec.com/blog/bitlocker-bitpixie/</link><pubDate>Tue, 10 Mar 2026 00:00:00 +0000</pubDate><guid>https://www.vidrasec.com/blog/bitlocker-bitpixie/</guid><description>&lt;p&gt;BitLocker is always a topic in &lt;a href="https://www.vidrasec.com/services/internal-it-infrastructure-penetration-test/"&gt;Windows client pentests&lt;/a&gt;. For full-disk encryption not to be easily bypassed, BitLocker must be configured securely.&lt;/p&gt;
&lt;p&gt;There is in fact a vulnerability that can be used to bypass BitLocker without special hardware, and in principle anyone can exploit it. This post covers the &lt;strong&gt;bitpixie&lt;/strong&gt; attack, why BitLocker’s default mode is vulnerable, and what you can do about it.&lt;/p&gt;</description></item><item><title>Dump Hashes in Windows 11 24H2</title><link>https://www.vidrasec.com/blog/dump-hashes-in-windows-11-24h2/</link><pubDate>Sun, 02 Mar 2025 00:00:00 +0000</pubDate><guid>https://www.vidrasec.com/blog/dump-hashes-in-windows-11-24h2/</guid><description>&lt;p&gt;In this blog post, I describe how I managed to read password hashes from the &lt;code&gt;lsass.exe&lt;/code&gt; process memory in Windows 11 24H2. Since this version was still very new at the time of writing this post, some of the issues are due to a lack of tool support and should be resolved in the future. However, this post may also help in adapting the tools for later Windows versions.&lt;/p&gt;</description></item><item><title>Kerberos: How the Authentication Protocol Works</title><link>https://www.vidrasec.com/blog/kerberos/</link><pubDate>Wed, 15 Jan 2025 00:00:00 +0000</pubDate><guid>https://www.vidrasec.com/blog/kerberos/</guid><description>&lt;p&gt;Kerberos works similarly to a passport: A passport authority issues the passport after the person has identified themselves. With this passport, they can then go to the border and prove their identity.&lt;/p&gt;</description></item><item><title>Active Directory Tiering: Terminal Servers and Helpdesk</title><link>https://www.vidrasec.com/blog/active-directory-tiering/</link><pubDate>Tue, 15 Oct 2024 00:00:00 +0000</pubDate><guid>https://www.vidrasec.com/blog/active-directory-tiering/</guid><description>&lt;p&gt;In this blog post, I will briefly address two often overlooked vulnerabilities and misconfigurations in the Active Directory Tiering model. Specifically, I will focus on the mishandling of terminal servers and the helpdesk user group.&lt;/p&gt;</description></item><item><title>UAC Bypass</title><link>https://www.vidrasec.com/blog/uac-bypass/</link><pubDate>Wed, 07 Aug 2024 00:00:00 +0000</pubDate><guid>https://www.vidrasec.com/blog/uac-bypass/</guid><description>&lt;p&gt;What do we see in the photo? The settings for User Account Control (UAC). But what exactly is that and how can it be bypassed?&lt;/p&gt;</description></item><item><title>BloodHound Introduction for Admins</title><link>https://www.vidrasec.com/blog/bloodhound-intro/</link><pubDate>Thu, 04 Jul 2024 00:00:00 +0000</pubDate><guid>https://www.vidrasec.com/blog/bloodhound-intro/</guid><description>&lt;p&gt;BloodHound is a tool developed by penetration testers and red teamers to better identify and visualize attack paths in Active Directory. However, that doesn&amp;rsquo;t mean it can&amp;rsquo;t also be used effectively by admins or the blue team.&lt;/p&gt;</description></item><item><title>Exploit CheckPoint vulnerability with one simple command</title><link>https://www.vidrasec.com/blog/checkpoint-cve/</link><pubDate>Fri, 31 May 2024 00:00:00 +0000</pubDate><guid>https://www.vidrasec.com/blog/checkpoint-cve/</guid><description>&lt;p&gt;This week, a vulnerability in the CheckPoint VPN Gateway (CVE-2024-24919) was disclosed. Unfortunately, CheckPoint has provided us with very little information about the impact of this vulnerability. I want to change that! I will show how the vulnerability can be exploited and what information an attacker can extract.&lt;/p&gt;</description></item><item><title>Active Directory Password Policy</title><link>https://www.vidrasec.com/blog/ad-password-policy/</link><pubDate>Mon, 29 Apr 2024 00:00:00 +0000</pubDate><guid>https://www.vidrasec.com/blog/ad-password-policy/</guid><description>&lt;p&gt;Unfortunately, setting a good password policy for Active Directory is difficult. This is also because there are several best practices that sometimes contradict each other. In this post, I will try to address the various best practices and give my own recommendation.&lt;/p&gt;</description></item><item><title>Built-in Misconfigurations - Pre-Windows 2000 Compatible Access</title><link>https://www.vidrasec.com/blog/built-in-insecurities-win2k/</link><pubDate>Mon, 22 Apr 2024 00:00:00 +0000</pubDate><guid>https://www.vidrasec.com/blog/built-in-insecurities-win2k/</guid><description>&lt;p&gt;This is the first part of a series in which we look into default insecure configurations in Active Directory. This part covers the &lt;em&gt;Pre-Windows 2000 Compatible Access&lt;/em&gt; group. What is it? What are the risks? And what can we do about it?&lt;/p&gt;</description></item><item><title>Improving the Performance of Linux Guests in Hyper-V</title><link>https://www.vidrasec.com/blog/hyperv/</link><pubDate>Wed, 03 Apr 2024 00:00:00 +0000</pubDate><guid>https://www.vidrasec.com/blog/hyperv/</guid><description>&lt;p&gt;Despite Hyper-V&amp;rsquo;s impressive performance, its GUI can feel sluggish compared to direct interaction on your host. Finding a solution to this was challenging, as resources were scarce. This post outlines how to configure Hyper-V and Linux virtual machines for a more responsive UI, achieving a performance level comparable to VMware Workstation.&lt;/p&gt;</description></item><item><title>Securing BitLocker: Initial Setup and Defending Against Attacks</title><link>https://www.vidrasec.com/blog/setup-bitlocker/</link><pubDate>Fri, 15 Mar 2024 10:46:31 +0200</pubDate><guid>https://www.vidrasec.com/blog/setup-bitlocker/</guid><description>&lt;p&gt;Firstly, what exactly is BitLocker? BitLocker is Microsoft&amp;rsquo;s full disk encryption solution. While there are alternative solutions from other companies, my experience shows that BitLocker is the preferred choice for most organizations today. The reasons are straightforward: it&amp;rsquo;s included at no additional cost and integrates seamlessly with Active Directory and EntraID.&lt;/p&gt;
&lt;p&gt;This article will guide you through setting up BitLocker and also go into some of the potential attacks against BitLocker, offering insights into its security features.&lt;/p&gt;</description></item></channel></rss>