Firefox’s appsec add-ons make it a useful tool for new pen testers who can’t afford professional tools.

MobileIron MDM exposes account enumeration and SFA to unauthenticated attacks. This analysis details how to mitigate this vulnerability.

Given Office product functionality, it’s possible for adversaries to leverage Outlook's COM interface in attacks for extended persistence.

Captcha images don’t provide robust protection as a primary security control. This analysis explores how to prevent automated (bot) attacks.

Even when the hooks are removed, defenders can still leverage other EDR functions, such as host isolation for incident triage or remote.

This post identifies systemic endpoint detection and response issues and examines how attackers can bypass any EDR product.

Toolsets have evolved for high-fidelity forensics and investigations – here we map them to the MITRE ATT&CK framework for Enterprise Cloud.

Our team describes how single-factor authentication attack surfaces can be exposed in the AirWatch MDM suite and what steps to take to mitigate risks.

A security vulnerability has been found in the Black Duck Hub REST API Python project (“blackduck” in the PyPI repository). Read more.

How to copy updated WinAutomation databases for RPA with Azure custom script extensions – part five of a series.

Part four in the series: setting up RPA with WinAutomation.