What is BAS 2.0 and Why You Need It
In a fast-evolving threat landscape, traditional Breach and Attack Simulation (BAS) tools are limited. Built based on predefined scenarios, they’re gr...

How to Prioritize Vulnerabilities Effectively

There are patches or remediations for all the top vulnerabilities, but they’re still being exploited in the wild. How is that? Well, if you were the a...

How DTCC Upgraded their SOC into a Cyber Threat Fusion Center

By Shawn Baird, Associate Director, Offensive Security and Tactics, DTCC Based on a session given at PenteraCon 2024 When the speed and complexity...

Forti-fied? Logging blind spot revealed in FortiClient VPN

Virtual private networks (VPNs) have become widely used by enterprises for secure remote network access to protect sensitive data. This critical role ...

What’s Behind the Rising Costs of Data Breaches?

Data breaches are more costly than ever, averaging USD 4.88 million in 2024—a 10% rise. This spike is largely due to increased expenses related to los...

Two New Zero-Day Vulnerabilities Uncovered in FortiClient VPN

Introduction Our latest research from Pentera Labs uncovers high-severity Fortinet vulnerability CVE-2024-47574, exposing risks in FortiClient's use ...
2024 State of Pentesting Survey
Download

APT Attacks: The Sith Lords of the Cyber World

Advanced Persistent Threats (APTs) are like the Sith Lords of the cyber world—stealthy, relentless, and always lurking in the shadows. Mentioning them...

How Attackers Can Achieve a DoS Attack in Microsoft Active Directory

In this blog, we explore how attackers can exploit a limitation in Active Directory (AD) Security Identifiers (SIDs) to lock users out of the domain w...

Continuous Security Validation Against AI-Driven Threats – A Field CISO’s Insights

Despite substantial investments in cybersecurity, breaches keep happening—especially as AI changes the game for attackers and defenders alike. AI-driv...
Begin your security validation journey
Request a demo
Book your demo now >
Risks of LOLBAS in Security
LOLBAS (Living Off the Land Binaries And Scripts) is an attack method that uses binaries and scripts that are already part of the system for malicio...

Securing Neglected Network Protocols

The rapid pace of technological advancements constantly create new attack vectors and attack surfaces. Consequently, it is critical to constantly st...

Global Trends in Penetration Testing 2023

In the past 24 months, more than 88% of organizations have been breached.  That's right: almost nine out of ten companies were hacked. Consid...

Finding MSSQL Database Version with TDS Protocol

The version of an MSSQL database is a valuable piece of information for cyber attackers. With the version details in hand, they can attempt to find ...
Reducing Exposure on the Manufacturing Attack Surface
Digitalization initiatives are connecting once-isolated Operational Technology (OT) environments with their Information Technology (IT) counterparts...

Proactive and Preventative Security Measures

Despite major investments in their security suites, organizations continue to be breached. Our Co-founder and CTO, Arik Liberzon, recently sat down ...

Securing MongoDB with Data-at-Rest Encryption

In this post, we will examine one method of encrypting data-at-rest, specifically how to achieve Data-at-Rest Encryption for MongoDB Community Editi...

Best Practices for Migrating from CentOS to Ubuntu

After CentOS 8 was declared end-of-life (EOL), we had to find an alternative operating system (OS) for our on-premise solution, as did many other te...
The Buyer's Guide to Security Validation
Download

Effective Strategies for Bypassing Antivirus

In this article, we will show how it’s possible to use reflective loading to run Mimikatz while evading detection by Windows Defender. While this is...