Lately, there has been an important increase in the relevance of valid call stacks, given that defenders have started to leverage them to detect malicious behavior. As several implementations of “Call Stack Spoofing” have come out, I decided to develop my own, called Hardware Call Stack. Call stack spoofing 101 To create a credible call stacks, I decided to use the technique developed by William...

The worst thing about supply chain attacks is that the breach is not entirely your fault. Simply by trusting in software and services provided by a third party, they open the door to attack. Attackers look for a softer target in the supplier, gaining access they hope to leverage into more significant attacks. According to research, supply chain attacks have been highly successful, growing by more...

Supply chain attacks were responsible for 62% of system intrusion incidents, according to Verizon’s 2022 Data Breach Investigations Report. This type of attack is one of the most effective ways to compromise organizations because it targets the weakest link in the security chain. Supply chain attacks usually begin by compromising a supply chain partner, such as a developer, distributor, or...

CVE stands for Common Vulnerabilities and Exposures. The CVE program is a reference list providing an id number, description, and instance of known vulnerabilities. The system has become the standard method for classifying vulnerabilities, used by the U.S. National Vulnerability Database (NVD) and other databases around the globe. There are currently over 199,000 CVE records available in the NVD,...

We’re ringing in the new year with the latest release of Core Impact ! Version 21.3 strengthens the connection between Core Impact and Cobalt Strike, amplifying the capabilities of both tools. In addition to this release, Core Security is also excited to be taking over maintenance for Impacket, a critical pen testing tool that allows to work with Windows network protocols and facilitates Active...

Ransomware and phishing are usually put in two separate categories when cyberattack methodologies are discussed. However, ransomware operators are increasingly leveraging phishing tactics to deploy their malicious payloads, and the potential for compromise is exponentiating as a result. Ransomware and Phishing - a match made in heaven Phishing is the number one delivery vehicle for ransomware,...

In 2022, geopolitical unrest and an expanding online attack surface contributed to the emergence of several themes across the cyber landscape. Infrastructures associated with opposing ideologies were highly targeted, with government agencies, supply chains, and IOT devices falling victim to high-profile campaigns. Cybercriminals launched increasingly advanced attacks on vulnerable entities, with...

Discover how Core Password connects with multifactor authentication solutions to add another layer of security to your password reset authentication process.

In this series focusing on Active Directory attacks, we’re running through four different scenarios based on real penetration testing engagements that demonstrate the variety of techniques and tactics that can be used to compromise Active Directory. Part one showed how attackers can gain control using overlooked assets like network connected printers as attack vectors. Part two went over how to go...

In this series focusing on Active Directory attacks, we’re running through four different scenarios based on real penetration testing engagements that demonstrate the variety of techniques and tactics that can be used to compromise Active Directory. In part one, we explored how attackers can take advantage of ignored assets like network connected printers and use them as attack vectors, eventually...

Prior to launching a targeted attack against an organization, threat actors conduct thorough reconnaissance missions, gathering intelligence on employees, the infrastructure, and more. They want to know every possible inch of the attack surface to find every potential exposure before they make their move, using an array of tools and tactics to exploit vulnerable infrastructure. Cybercrime is...

Penetration testing is more than a bunch of ex-hackers in hoodies attempting to break into an organization that hired them. It is a carefully planned and organized engagement that probes and tests a defined piece of an organization's IT infrastructure for potential flaws. Without good intelligence to work from, testers cannot efficiently conduct their attacks, leaving potentially unidentified gaps...

Active Directory is an essential application within an organization, facilitating and centralizing network management through domain, user, and object creation, as well as authentication and authorization of users. Active Directory also serves as a database, storing usernames, passwords, permissions, and more. Active Directory is a perfect example of a technological double-edged sword. While such...

What common security risks/entry points are you most concerned about?In our 2024 Pen Testing Survey we asked what common security risks concerned respondents most. While phishing (80%) and ransomware (72%) were the top concerns, other options had a high enough percentage to warrant further discussion. These included: • Misconfiguration• Poor passwords• Lack of patching• Orphaned...

According to the 2023 Pen Testing Report, 93% of cybersecurity professionals reported pen testing was at least somewhat important for their compliance initiatives. Why is pen testing as a key component of compliance initiatives, and what is the best strategy for meeting this requirement?

Congratulations! You’ve just completed a penetration test. So what now? A pen test shouldn’t represent the pinnacle of your security efforts. Rather, the test validates what your organization is doing right and highlights areas for improvement. Even if the test showed that it was possible to gain administrative access and move laterally through your network, this doesn’t mean you have “failed.”...

Modern threat actors and the condition of today’s threat landscape are forcing the collective hand of cybersecurity to go on the offensive -- and federal agencies are no exception. As cyber attackers grow increasingly adept at identifying and exploiting infrastructure weaknesses, they will opt for the path of least resistance. Therefore, agencies with a security posture that goes beyond...

The Payment Card Industry Data Security Standard (PCI DSS) creates policies and procedures for networks, systems, and other payment card processing equipment in order to reduce credit card fraud. It includes 12 main provisions that must be adhered to not only to stay compliant, but to build and maintain a strong security posture that protects sensitive financial data.Requirement 11 is of...

Though we have a new release planned for later this year, we’ve made some updates to Core Impact that we just couldn’t wait to release and share! First, we have a new agent written in Python to expand its use to different environments and further enhance its flexibility. Additionally, we’re staying on top of the latest threats by updating to the latest OWASP Top 10 list, making web application...

The phrase “you’ve got to walk before you can run” is something that we’ve all heard and rolled our eyes at least once in our lives after we’ve attempted an advanced skill before mastering the basics. The saying is unfortunately very accurate when it comes to cybersecurity. Maturing your vulnerability management program is a process that must be done thoughtfully, ensuring you have a proper...