Resources
Guide

2021 Malware Report

During Tumultuous Times, Malware Threats Thrive The past year was full of upheaval in many different ways, and the cybersecurity world was no exception. Malware continued to wreak havoc, perhaps even more so than usual. The silver lining is that much can be learned from these experiences and analyzed to better bolster against attacks. In this report from Cybersecurity Insiders, sponsored by Fortra...
Threat Detection
3 Reasons You Should Be Using SIEM
Video

Why Pen Testing is Essential in Today’s Threat Landscape

Fri, 06/04/2021
As cyber-attacks continue to be disturbingly common, penetration tests have become increasingly important. These valuable assessments, performed using either in-house personnel or third-party service vendors, exploit vulnerabilities to determine the security stance of an IT environment. In fact, according to the 2024 Penetration Testing Survey, 83% of respondents run pen tests at least 1-2 times a...
Penetration Testing
Getting Inside the Mind of An Attacker Part One Thumbnail
Video

Getting Inside the Mind of an Attacker: After the Breach - Next Steps After Compromising Active Directory

Thu, 05/27/2021
Unfortunately, the reality of cybersecurity is that attackers will sometimes succeed in breaching an IT environment. Accepting this probability allows you to focus on learning how to detect a breach and manage such attacks. Cybersecurity expert Julio Sanchez demonstrates approaches threat actors may take in an attempt to gain persistence after compromising Active Directory. Learn how each...
Penetration Testing
Article

Analysis of CVE-2021-26897 DNS Server RCE

CVE-2021-26897 is a DNS server RCE vulnerability, and is triggered when many consecutive Signature RRs Dynamic Updates are sent. This vulnerability is an OOB write on the heap when combining the many consecutive Signature RR Dynamic Updates into base64-encoded strings before writing to the Zone file. According to Microsoft, systems are only vulnerable if a DNS server had dynamic updates enabled....
Article

How to Build a USB Drop Attack

Dropped USB flash drives are still effective means for getting into networks. The goal of this post is to give you a bit of a hands on lab and show you some tricks for actually conducting USB drop attacks, including how to prepare the payload using Core Impact. USB drop attacks are a bit of a performance art form. You need to build an enticing story that’ll make the discoverers of the drop, whom...
Penetration Testing
Article

Reversing & Exploiting with Free Tools: Part 8

In part 7, we solved ABO2 in GHIDRA. In this part, we’ll use IDA FREE to solve ABO3. As is the case with all of the ABOS, the goal is to run the calculator or some other executable that we want. First, open ABO3 in IDA FREE to analyze it. Searching for the PDB in the symbol server could produce the...
Penetration Testing
Datasheet

Offensive Security - Advanced Bundle

Core Impact and Cobalt Strike represent two distinct, yet complementary approaches to security assessment. Core Impact is an automated pen testing tool that focuses on initial access and security validation, while Cobalt Strike specializes in advanced post-exploitation techniques for red team operations. In additional to functioning independently, security teams can benefit from both platform...
Penetration Testing
Red Team
role-design-access-security
Blog

Role-Based Access Control: Why It Delivers a Modern Approach for Managing Access

Wed, 04/07/2021
Relying on outdated methods to manage user access is both a constant struggle and a persistent risk to your business. Manually keeping track of users and entitlements is costly, time-consuming, and daunting. But with a modern role-based approach, you can embrace a smarter, simpler, more secure way to manage user access. In this blog, we will define role-based access control (RBAC), explore why it...
IGA
Article

How to Deal with Microsoft Monthly Updates to Reverse Engineer Binary Patches

The new format of Microsoft monthly updates have proven challenging to reverse engineer. We’ve figured out a workaround that we hope will be helpful. In the original format, the Microsoft updates have always included the full files to patch, and from there it’s relatively straightforward to work on reversing and diffing through only extracting, without installing the patch. Sometimes the patch...
Penetration Testing
Penetration Testing Frequency: How Often Should You Test?
Blog

Penetration Testing Frequency: How Often Should You Test?

Wed, 03/31/2021
Penetration testing has become an increasingly standard exercise, with organizations using either pen testing services or in-house teams to uncover weaknesses and assess their security posture. Many businesses want to stay proactive about securing their IT environment and find that pen testing helps them stay compliant and prove adherence to regulations or industry best practices. According to the...
Penetration Testing
Article

Core Impact 2017 versus Metasploit: the Shootout Comparison

Core Impact 2017 R1 and Metasploit Pro are tools used to create multi-staged, real-world attacks to test enterprise security defenses. Organizations need improved visibility into the the holes in their enterprise network defenses. Pen Testing tools allow an organization to evaluate their ability to detect, prevent, and respond to attacks using multi-staged, real-world attacks. Both Core Impact...
Penetration Testing
3 Reasons You Should Be Using SIEM
Blog

3 Reasons You Should Be Using SIEM

By Bob Erdman on Wed, 03/24/2021
Security Information and Event Management (SIEM) solutions have been around for years, helping to identify and escalate critical security events. SIEM solutions have become integral to many organizations’ security portfolios. In fact, according to the 2021 SIEM Report by Cybersecurity Insiders, 74 percent of respondents ranked SIEM as very to extremely important to their organization’s security...
SIEM
Article

Understanding the Evolution of Ransomware

Ransomware, as an active variant of current malware, has undoubtedly undergone a series of changes that have allowed cyber criminals to expand the horizons of clandestine business. In order to try to understand the different "forms" ransomware has presented over time, this article will show the evolutionary line of this latent threat in a compact and concrete way. Ultimately, it aims to...
Penetration Testing
2021 predictions
Video

Prioritizing Pen Testing: 2021 Survey Results Revealed

Tue, 03/16/2021
The global chaos of last year was also seen in the digital world, as cyber attackers were seemingly relentless in their efforts. Such activity underscores the importance of penetration testing to assess and test security vulnerabilities, which allow you to better evaluate risk and be ready to detect, prevent and respond to threats as they happen. Though pen tests continue to become a required part...
Penetration Testing
Blog

How to Pen Test Against Orphaned and Privileged Accounts

Mon, 03/15/2021
The more pen-tests I do, the more I see that despite how every organization claims that they’re different, I see the same commonalities with how things are being managed inside the network. One of those commonalities that I see tends to vastly improve my odds of persistence and avoiding detection: how an organization handles orphaned accounts and service accounts. Let’s talk about a little theory...
Article

Simple DNS Redirectors for Cobalt Strike

Authored by: Ernesto Alvarez, Senior Security Consultant, Security Consulting Services This article describes techniques used for creating UDP redirectors for protecting Cobalt Strike team servers. This is one of the recommended mechanisms for hiding Cobalt Strike team servers and involves adding different points which a Beacon can contact for instructions when using the HTTP channel. Unlike HTTP...
Performance gears
Video

The Evolution of SIEM: 2021 Survey Results Revealed

Tue, 03/09/2021
The commotion and upheaval of 2020 still has everyone seeking steadier ground, and security teams are no exception. But with seemingly relentless attacks and increasingly complex threats, is such stability just a pipe dream? Can well established safeguards like Security Information and Event Management (SIEM) solutions still be relied upon? In this webinar, cybersecurity experts Bob Erdman and...
SIEM