Blueprint for Success: Implementing a CTEM Operation

The attack surface isn’t what it once was and it’s becoming a nightmare to protect. A constantly expanding and evolving attack surface means risk to t...

Surviving LockBit Lessons from a Ransomware Attack

On April 13, 2023, we were hit hard. The University of Health Sciences and Pharmacy (UHSP) faced a serious adversary: The notorious LockBit ransomware...

Return of the RCE: Addressing the regreSSHion Vulnerability – CVE-2024-6387

A Regrettable Resurgence: On July 1, 2024, the Qualys Threat Research Unit (TRU) published their discovery of an unauthenticated remote code executio...

Zero footprint attacks: 3 steps to bypass EDR with reflective loading

EDR (Endpoint Detection and Response) evasion techniques are becoming increasingly common amongst attackers as they evolve their strategies to bypass ...

Fundamentals of Cloud Security Stress Testing

“Defenders think in lists, attackers think in graphs” said John Lambert from Microsoft, distilling the fundamental difference in mindset between those...

Verizon’s 2024 Data Breach Investigations Report: Key insights

The 2024 Data Breach Investigations Report (DBIR) is out, providing an in-depth look at the latest trends in cybersecurity. This year's findings revea...

Pentera’s 2024 report reveals hundreds of security events per week, highlighting the criticality of continuous validation

Over the past two years, a shocking 51% of organizations surveyed in a leading industry report have been compromised by a cyberattack. Yes, over half....

Managing the Financial Industry’s Attack Surface

The financial services industry has always been at the forefront of technology adoption, but the 2020 pandemic accelerated the widespread use of mobil...

Tackling Cloud Security Challenges

As much as we love the cloud, we fear it as well. We love it because cloud computing services of Amazon, Azure, and Google have transformed operati...
Global Trends in Penetration Testing 2023

In the past 24 months, more than 88% of organizations have been breached. That's right: almost nine out of ten companies were hacked. Consid...

Finding MSSQL Database Version with TDS Protocol

The version of an MSSQL database is a valuable piece of information for cyber attackers. With the version details in hand, they can attempt to find ...

Reducing Exposure on the Manufacturing Attack Surface

Digitalization initiatives are connecting once-isolated Operational Technology (OT) environments with their Information Technology (IT) counterparts...

Proactive and Preventative Security Measures

Despite major investments in their security suites, organizations continue to be breached. Our Co-founder and CTO, Arik Liberzon, recently sat down ...
Securing MongoDB with Data-at-Rest Encryption

In this post, we will examine one method of encrypting data-at-rest, specifically how to achieve Data-at-Rest Encryption for MongoDB Community Editi...

Best Practices for Migrating from CentOS to Ubuntu

After CentOS 8 was declared end-of-life (EOL), we had to find an alternative operating system (OS) for our on-premise solution, as did many other te...

Effective Strategies for Bypassing Antivirus

In this article, we will show how it’s possible to use reflective loading to run Mimikatz while evading detection by Windows Defender. While this is...

Assessing Your Attack Surface from an Attacker’s Perspective

In the era of digitization and ever-changing business needs, the production environment has become a living organism. Multiple functions and teams w...

Techniques for Bypassing Air-Gapped Networks

In order to protect an organization’s critical assets from Internet access, IT teams often create isolated or ‘air-gapped’ networks. These networks ...