Resources

Blog

What's New in Impacket's 0.13 Release?

Our next Impacket release is almost ready to land. Since 0.12, we have been hard at work tackling long-standing feature requests and merging valuable patches from the community. Thanks to these efforts, this release is full of enhancements and improvements that we are excited for users to see. Here's a look at the highlights from the forthcoming release. New Attack Paths and Relay Tricks: Relay...
Blog

7 Overlooked Attack Vectors Lurking in Your Office Environment

Today’s cybercriminals prefer an easy entrance just as much as a sophisticated exploit. And most often, that’s where they start. Here is a list of seven overlooked attack vectors in which a serious threat could pop up, enter the network, and do serious damage. Remember: While many enterprise cybersecurity approaches are shooting high, a larger number of cybercriminals are “looking low.” 1. Printers...
Blog

The Strategic Value of Offensive Security

For anyone who’s been in cybersecurity for even the past five years, the trends are as unprecedented as they are obvious; attacks are now more sophisticated, subtle, and scalable than ever before. Cybercriminals use AI to automatically find vulnerabilities, the mean time-to-exploit has now dropped to only 5 days (down from 32), and there is little to stop spray-and-pray campaigners from...
Blog

How Pen Testing Shines a Light on Your Hidden Technical Debt

Technical debt can have cybersecurity consequences. Even teams that feel they know exactly what needs fixing are often surprised at what a team of outside hackers can do – as they so often are during a breach. So how can you determine what’s emergency-worthy technical debt? Your backlog might not show it, but your pen test will. Technical Debt as Attack Surface: It’s difficult, if not impossible, to...
Guide

How to Build a Culture of Security

Do you have a culture of security at your organization? No matter your business venture, security should be at the core of internal operations. Organizational cybersecurity is no easy job, and it shouldn’t be the job of just one individual. Unfortunately, every enterprise's number one resource is also its number one threat: its people. By building a culture of security in your organization...
Guide

Dissecting Ransomware: Understanding Types, Stages, and Prevention

New, emerging ransomware attack methods impact organizations every day. Even though ransomware attacks are changing, it's more likely cybercriminals will use tried and true methods that are already proven to be effective. When it comes to ransomware attacks, low effort and high value tactics are easy to implement and very lucrative. Preventing...
Guide

Ways Hackers Look to Exploit Federal Agencies

Federal agencies are frequent targets for attackers looking to gain access to their environments, steal data, or leak information. There are 7 common ways hackers try to get into federal agencies. In this guide you'll get: descriptions of each type, a couple of which might surprise you; real-world examples of why hackers want data in that way; strategies for...
Guide

Red, Blue, and Purple Teams: Combining Your Security Capabilities for the Best Outcome

Getting a higher return on investment with purple teams: Red and Blue Teams have historically had an adversarial role, working against one another in order to test an organization's security. However, pitting these teams on opposite sides is no longer an effective strategy. In this guide from security analyst SANS, sponsored by Core Security, we examine how the concept of a Purple Team, and...
Guide

Frequent Mistakes in Ransomware Prevention

Elevate your own ransomware prevention strategy by watching out for these Frequent Mistakes in Ransomware Prevention. This guide touches on a variety of don'ts — from errors in your testing approach to blind spots in your third-party partnerships. Successfully thwarting attackers hinges on what you do as well as what you don't do. Ransomware...
Guide

Federal Cybersecurity Toolkit 

Government Cybersecurity: Establishing Solid Foundations. Federal cybersecurity needs can change quickly based on cyberattackers' increasingly damaging methods. Today’s threat landscape requires agencies to embrace proactive vulnerability management measures, such as penetration testing, Red Teaming, and consistent scans and monitoring. While these evolving security demands can be difficult to...
Guide

Sharpen Your View of Your Security Environment: The SIEM Buyer's Guide

How Do You Find a SIEM Solution That's Right For You? With organizations constantly under the threat of attack, be it through bad actors or inadvertent insiders, Security Information and Event Management (SIEM) tools have become a vital way for security teams to manage potential vulnerabilities proactively based on real-time information. By efficiently relaying actionable intelligence, a SIEM can...
Guide

Implementing Strategic Cloud Security

The efficiency of cloud platforms has led to an increased reliance over the years, with many organizations now operating from a "cloud-first" principle. Unfortunately, with all the benefits of the cloud, many have developed blind spots when it comes to security. As the cloud becomes prevalent in nearly every aspect of business, cloud security becomes...
Guide

10 Cybersecurity Mistakes to Avoid

Dynamic infrastructures and evolving threat vectors create a moving target when it comes to cybersecurity. With so many moving parts and headline-grabbing events, it's easy to lose sight of the basic dos and don'ts of protecting your organization. We've created this guide to walk you through 10 Cybersecurity Mistakes to Avoid so you can sidestep these...
Guide

9 Ways Cyber Attackers Look to Exploit Government Agencies

While any organization is susceptible to cyberattacks, government agencies — federal, regional, state, and local — can be particularly vulnerable due to the highly sensitive data they have access to in order to carry out their duties. But how exactly are cyber attackers managing to breach these agencies, and what can be done to prevent such attacks? In this guide, explore 9 common...
Guide

How Organizations Can Get Smarter About Pen Testing

There’s a dangerous misconception sweeping the security industry: Hackers and their cunning attacks are more sophisticated than our best efforts to defend against them. It may seem that the skills gap between the attackers and the protectors is so wide and growing so fast that it’s impossible to catch up. But that's not true, thanks to penetration testing. In our guide, we explore: 3 things...
Guide

Corporate Risk and Due Diligence in the Cyber Threat Crosshairs

Cyber risks have rapidly developed into a major threat for global economies and enterprises. With little notice, cyber threats have reshaped corporate risk profiles and have transformed cybersecurity from a back-office concern into a foreground corporate priority. Corporate boards and auditors are increasingly zeroing in on cyber risk because of its potential to enhance or destroy financial...
Guide

How to Build a Red Team

From phishing scams to ransomware, cyber-attacks are growing every day. But something else is growing too: the number of Red Teams being built by organizations just like yours. But is a Red Team right for your company? In "How to Build a Red Team" you will learn: the makeup of a Red Team; the mission of a Red Team; Red Teams vs. Penetration Testers. Download your copy of How to Build a Red...
Guide

When Malware Attacks Your IBM i, AIX, and Linux Servers

Server-level protection from viruses and malware is essential, and PC-based tools won’t cut it. Malware attacks are increasing, including ransomware like CryptoLocker, Locky, and zCrypt. Businesses know anti-malware is essential to protecting PCs from malicious programs, but many don’t realize the value of server-level protection until the damage is done. The guide examines the real-world...
Guide

When to Use Penetration Testing Software, Services, or Both

You know you need a penetration test. Whether it is from an internal mandate or external compliance requirements, it has to be done. From here, the question is how. Do you leverage software and the analysts you already have, hire an external service provider to do the heavy lifting for you, or use some combination of the two? All are reasonable...