Exploit types
- Phishing, SQL, Brute Force DDOS
Teaming
- Red teams, blue teams, purple teams
k
Pen testing tools
open source, enterprise, or an arsenal
Vulnerability scanning
Pen testing services
Pen Test Pivoting
Product Line Relationship
A penetration test is often referred to broadly as an evaluation of an organization’s cybersecurity through the uncovering and exploitation of security weaknesses. However, this doesn’t mean there is only one way to pen test. Since vulnerabilities can exist anywhere—operating systems, services and application flaws, improper configurations, or even risky end-user behavior—multiple types of pen tests have been developed to ensure every aspect of the IT infrastructure is secure.
Authored by: Ricardo Narvaja
Note: This work was originally done by Cristian Rubio and Ricardo Narvaja of Core Labs on Windows Server 2008 SP1 32 and 64-bit. There are not many differences in other versions of Windows.
While the basis of the SIGred bug is quite simple, it’s critical to explore exactly how this vulnerability can exploited.
Authored by: Julio Sanchez
What You Need to Know About Netlogon and Zerologon
On September 11th, 2020, researchers at Secura published information on a critical vulnerability in Microsoft’s Netlogon authentication process which they dubbed “Zerologon." It is a cryptographic flaw that has a clear path to full takeover of an Active Directory domain.
Penetration testing, also known as a pen test, is a security exercise that reveals an organization’s security vulnerabilities through a defined testing process. A penetration test may focus on networks, applications, physical facilities, individuals, and more.
Ever since Ali Baba uttered “open sesame,” thieves have been using stolen passwords to access hidden riches. In the digital world, password attacks have been and continue to be a common way for threat actors to gain access to an organization’s treasure trove of data. No matter how many emails we get from IT explaining what makes a good password, many of us still use the same basic password in multiple places simply because they’re easier to remember.
Security vulnerabilities are one of the most common problems in cybersecurity today, as they may exist in operating systems, services and application flaws, improper configurations or risky end-user behavior. According to the statistics from the Common Vulnerabilities and Exposures list, 12,174 new vulnerabilities were uncovered in 2019—over 13 times as many as were discovered in 1999, when the database first came into existence.
Product Line Relationship