Resources

Blog

Finding Clarity in the Chaos: 5 Cybersecurity Trends of 2020

As 2020 comes to an end and we anticipate gleefully tossing our calendars in the garbage, we can all agree it was one of the most tumultuous years in recent history. It was a difficult time for almost every person and industry, and cybersecurity was certainly no exception, with shocking breaches, mass transitions to remote working, and threat actors thriving as the pandemic raged on. Though we’re...
Article

Exploitation Chains in Lightweight Desktop Applications

Authored by: Ramiro Molina
In the past several years, many desktop applications—especially clients for cloud-based products—have transitioned into lightweight or web-based desktop client applications. These applications are moving away from the concept of heavily implementing logic in distributed executables. Instead, they use an embedded web browser or another similar technology to load a...
Blog

Why Identity Governance Is Essential for Segregation of Duties (SoD)

It’s no secret that organizations today face a constant onslaught of identity-related access risks within the current threat landscape. One of the most critical and potentially damaging access risks that can exist under the surface of an organization is the lack of controls to ensure adequate segregation of duties (SoD). Throughout this blog, we will examine what it means to segregate duties...
Article

Reversing & Exploiting With Free Tools: Part 6

In part 5, we completed our analysis of Stack4 using IDA Free. In this next part, we’ll be solving ABO1, using RADARE. The first thing we need to do is to find the binary information located in ABO1_VS_2017.exe. Go to the folder where the executable is and extract it using rabin2.
Using RABIN2
rabin2 -l ABO1_VS_2017.exe
There is a lot of information...
Blog

Interoperability with Cobalt Strike and Other Notable New Features in Core Impact 20.3

The latest release of Core Impact has arrived! Version 20.3 showcases our commitment to creating a comprehensive, streamlined process for testing the defenses of any IT environment. At the forefront of this effort is the debut of exciting new interoperability capabilities with our red teaming platform, Cobalt Strike. Additionally, this latest release includes new features focused on both...
Video

Cybersecurity in a Chaotic Time: 2020 Trends and 2021 Predictions

2020 has been a chaotic year. From the far-reaching impact of COVID-19 to the increasing number of data breaches across nearly every sector, the threat landscape continues to intensify and the importance of cybersecurity continues to grow. The cybersecurity trends of 2020 teach us valuable lessons that are important to understand for the coming year. These trends focused on protection of customer...
Blog

3 Reasons You May Need to Rethink Your Virus Protection Strategy

These days, encountering malware like viruses, ransomware, trojans, or worms has become all too common—it’s almost an inevitability. In fact, according to the 2020 Malware Report by Cybersecurity Insiders, 88% see malware as an extreme or moderate threat, and 75% believe malware and ransomware will increase in the next year. As this threat continues to loom, almost all organizations have antivirus...
Blog

A Day in the Life of a Pen Tester

When someone says “pen test,” you’re not alone if you pictured someone clicking a ballpoint pen top, drawing scribbles to see if any ink comes out. But if you keep listening, it actually seems like pen testers are paid to hack into computers all day long. So what do they actually do? We went behind the scenes, taking a closer look at the day in the life of a pen tester.
Blog

What is Privileged Account Management?

Day after day, we see the evidence of an increased number of breaches. As a Privileged Account Management (PAM) provider, we are also seeing a similar increase in requests for proposals on our Core Privileged Access Manager (BoKS) solution. What is most interesting is that a large number of security professionals who contact us indicate that they are not even sure what privileged accounts are...
Blog

With Public Cloud OS Instances Growing, Security Challenges Grow, Too

“Some cloud vendors tout that systems deployed within their framework require little or no administration: You create an image with the software and applications that you want it to provide services for, spin it up in a management console, and Voila! you have an entirely new system online; with minimal cost, no hassle, little work. However, even with newer models for virtualization appearing on...
Video

PAM: Unlocking the Potential of Password Vault Alternatives

Privileged Account and Session Management (PASM) tools, better known as password vaulting, are a type of Privileged Access Management (PAM) solution that restricts user access to IT systems and protects an organization’s data. While some organizations have implemented password vaulting technology to manage privilege, additional solutions that leverage other stronger access management strategies...
Blog

Getting Inside the Mind of an Attacker Part 4: Additional Internal Attack Techniques

Authored by: Julio Sanchez
In part 3 of this series, we examined a penetration testing engagement that the Core Security Services team performed, simulating an insider attacker with low-level credentials escalating their privileges with Kerberos tickets and pass-the-hash attacks. In this final scenario, we’ll explore another insider attack engagement, demonstrating how different techniques can be...
Blog

‘You Can’t Boil the Ocean’: How a Phased Approach Can Help Your IGA Program Succeed

Implementing an Identity Governance and Administration (IGA) solution can be a daunting task. Organizations of all sizes recognize the complexity of mitigating identity-related access risks across countless devices, applications, and systems, but need a way to see through the competing priorities and to understand that IGA is not an all or nothing proposition. Rather than a destination, Identity...
Blog

Open Source vs. Enterprise: Why Not All Exploits are Created Equal

A common tactic of attackers trying to breach an environment is to use an exploit against a known vulnerability in an application or device present in a targeted infrastructure. Exploiting a vulnerability can provide an attacker with privileges or capabilities they would not normally be granted. In order to provide insight into what threat actors might be able to do, pen testers also use exploits....
Video

3 Fundamental Pen Tests Every Organization Should Run

A penetration test is often referred to broadly as an evaluation of an organization’s cybersecurity through the uncovering and exploitation of security weaknesses. However, this doesn’t mean there is only one way to pen test. Since vulnerabilities can exist anywhere—operating systems, services and application flaws, improper configurations, or even risky end-user behavior—multiple types of pen...
Blog

Getting Inside the Mind of an Attacker Part 3: Internal Attacks on Active Directory

Authored by: Julio Sanchez
In part 2 of this series, we examined a penetration testing engagement that the Core Security Services team performed, simulating an external attacker with no internal access finding entry using a password spray attack, eventually gaining control of Active Directory. Continuing our exploration of Active Directory attacks, we’ll share another scenario in order to further...
Video

Meeting Compliance Goals and Beyond: Virus Protection on IBM Systems

When it comes to cybersecurity, the old proverb “what you don’t know can’t hurt you” could not be further from the truth. Unfortunately, despite hosting mission-critical applications and data, IBM Systems like IBM i, AIX, LinuxPPC, and Linux on Z are often neglected and left unprotected. While these systems are beloved for their performance and reliability, none of them are immune to malware. As...