Image
June 17, 2021
Go365 performs user enumeration and password spraying attacks on organizations that use Office 365.
Blog
Image
June 17, 2021
Optiv highlights the attack strategy of using forged Kerberos tickets to compromise a domain, and provides ways to defend against it.
Blog
Image
June 02, 2021
Optiv highlights the attack strategy of using forged Kerberos tickets to compromise a domain, and provides ways to defend against it.
Blog
Image
May 12, 2021
This article explores gaps that allow for the undetected execution of code on systems protected by Microsoft Defender Advanced Threat Protection.
Blog
Image
March 24, 2021
Firefox’s appsec add-ons make it a useful tool for new pen testers who can’t afford professional tools.
Blog
Image
March 22, 2021
MobileIron MDM exposes account enumeration and SFA to unauthenticated attacks. This analysis details how to mitigate this vulnerability.
Blog
Image
March 18, 2021
Given Office product functionality, it’s possible for adversaries to leverage Outlook's COM interface in attacks for extended persistence.
Blog
Image
February 17, 2021
Captcha images don’t provide robust protection as a primary security control. This analysis explores how to prevent automated (bot) attacks.
Blog
Image
February 03, 2021
ScareCrow is a payload creation framework for generating loaders that side-load (not inject) into a legitimate Windows process (bypassing Application...
Tool
Image
February 03, 2021
Even when the hooks are removed, defenders can still leverage other EDR functions, such as host isolation for incident triage or remote.
Blog
Image
February 02, 2021
This post identifies systemic endpoint detection and response issues and examines how attackers can bypass any EDR product.
Blog
Image
Software supply chain compromise explained: What you need to know and lessons learned.
Event