Image
The Optiv Attack Simulation prepares your purple team to detect, prevent and respond to attacks.
Image
August 17, 2021
We leveraged Microsoft’s OAuth authorization flow for a phishing attack. Here’s step-by-step guidance on how to conduct it for security assessment.
Blog
Image
August 10, 2021
Multiple CVEs involving Active Directory Certificate Services and a new NTLM relay attack can be chained to compromise an Active Directory domain.
Blog
Image
June 17, 2021
Go365 performs user enumeration and password spraying attacks on organizations that use Office 365.
Blog
Image
June 17, 2021
Optiv highlights the attack strategy of using forged Kerberos tickets to compromise a domain, and provides ways to defend against it.
Blog
Image
June 02, 2021
Optiv highlights the attack strategy of using forged Kerberos tickets to compromise a domain, and provides ways to defend against it.
Blog
Image
May 12, 2021
This article explores gaps that allow for the undetected execution of code on systems protected by Microsoft Defender Advanced Threat Protection.
Blog
Image
March 24, 2021
Firefox’s appsec add-ons make it a useful tool for new pen testers who can’t afford professional tools.
Blog
Image
March 22, 2021
MobileIron MDM exposes account enumeration and SFA to unauthenticated attacks. This analysis details how to mitigate this vulnerability.
Blog
Image
March 18, 2021
Given Office product functionality, it’s possible for adversaries to leverage Outlook's COM interface in attacks for extended persistence.
Blog
Image
February 17, 2021
Captcha images don’t provide robust protection as a primary security control. This analysis explores how to prevent automated (bot) attacks.
Blog
Image
February 03, 2021
ScareCrow is a payload creation framework for generating loaders that side-load (not inject) into a legitimate Windows process (bypassing Application...
Tool