Cyber Security Awareness and Vulnerabilities Blog

Here is the summary for all of the exploits and updates shipped to Impact 18.1 since its release (on Feb 14th): 14 Updates overall 3 Remote Exploits 5 Client-Side Exploits 3 Local exploits 3 Product Updates   Here is the list of published updates: Remote Exploits: Symantec Messaging Gateway performRestore OS Command…

Read More

We all know that there are clear problems in the industry when it comes to role design and entitlement certification. Problems like: Lack of visibility: Most entitlements and user access logs are kept in spreadsheets, whether on their machine or in an online tool,…

Read More

Securing Enterprise Business Applications such as SAP systems poses a large set of challenges. Most companies have been passing through and maturing on how to adopt cryptography and encryption on these systems. However, this opens the door for new challenges. The protection of…

Read More

Today we're sharing how to use the customizable reports functionality available in Core Impact. In order to generate such agents, we'll use the "Network Report Generation" wizard. From the list of available reports, filter for type "spreadsheet" and select "Network Host Report". When clicking on "Duplicate"…

Read More

It is our mission to continue to produce the most effective and efficient security products and services on the market. Today, I am happy to announce the release of Core Impact 18.1, our market leading penetration testing solution – where we put the…

Read More

"I heard on the news about how some sites and mobile apps are vulnerable to Man-in-the-Middle attacks.  What is a Man-In-The-Middle Attack, how does it work, and how can I protect myself?" Man-in-the-Middle (MitM) attacks are basically one website stepping in-between you and a…

Read More

It’s the start of a new year. A time where it’s normal for businesses to look at what worked, what didn’t and what to start or stop. With those conversations happening, it’s just as important to discuss this from a security perspective. Looking back,…

Read More

In today’s connected world there are too many devices and too many networks to protect and cyber criminals are more sophisticated than ever. The 2017 threat landscape proved that no one is immune to cyber attacks. But can we take the cybersecurity mistakes…

Read More

While working on the NVIDIA DxgDdiEscape Handler exploit, it became obvious that The GDI primitives approach discussed the last couple of years would be of no help to reliably exploit this vulnerability. So we came up with another solution: We could map some specially chosen virtual addresses,…

Read More

More than 1,800 delegates from companies around the globe converged last week in Las Vegas for Gartner’s annual Identity and Access Management (IAM) Summit. Gartner IAM is unique in that it is solely focused on identity and access management rather than covering all…

Read More