The Ultimate Security Validation Checklist for CISOs
If you're heading out of the office on a well-deserved vacation, are you certain the security controls you have in place will let you rest easy whil...
The Shift from Port 445 to Port 135 in Cybersecurity
If we could nominate a command-line utility for an award, PsExec would undoubtedly win the "Most Useful" category. This tool enables administrators ...
Protecting Data from XSS Vulnerabilities in Azure
Cloud-based services are a growing asset for enterprises to optimize scale and reduce deployment efforts.
In our research, we found a web XSS...
Importance of External Attack Surface Management
External Attack Surface Management (EASM) tools have been around for some time, but only recently has Gartner recognized this category as a top tren...
Understanding the Security Aspects of Linux eBPF
2022 discoveries of new privilege escalation techniques
Reading this blog will allow you to understand the eBPF mechanism and how a fairly sm...
Mitigating VMware vCenter Information Disclosure
New zero-day vulnerability joins a chain of recently discovered vulnerabilities capable of operating an end-to-end attack on ESXi. Org...
4 Steps to Knowing Your Exploitable Attack Surface
According to a Cisco CISO Benchmark survey, 17% of organizations had 100,000 or more daily security alerts in 2020, a number that has only incre...
Correcting Common Firewall Misconfigurations
Network misconfigurations take on many types and forms, and come about for many different reasons. Many of them stem from blind adhere...
Breaking the barriers of segmentation
Prefer to read the PDF version of this article? Then, click here.
Intro
Network segmentation continues to be touted as a leading best...
Begin your security validation journey
Request a demo
Identifying and Mitigating the PwnKit Vulnerability
While it may seem like the right course of action is to stop everything and immediately start patching the recent PwnKit vulnerability, this probabl...
Mitigating Log4Shell Exploitation
By the time you read this, you've surely heard all about the recent Apache Log4j 2 vulnerability publicly disclosed via Apache’s project GitHub on D...
From DHCP Spoofing to EternalBlue: Security Insights
DHCP may be famous for being an essential Windows networking protocol, but it is also infamous, or at least it should be, for falling victim to cybe...
Preventing DHCP Spoofing Attacks
DHCP is an essential Windows networking protocol and a favorite among network admins. Let’s go over the basics of DHCP allocation and review common ...
Understanding VMware vCenter Privilege Escalation
Executive summary
Pentera’s research team ‘Pentera Labs’ discovered a vulnerability in VMware’s vCenter Server program. The affected VMware s...
Exploring the PrintNightmare Vulnerability
Greenpeace recently took credit for the PrintNightmare exploitation, warning that if the world does not shift to paperless immediately, further deva...
Understanding Top Exploited Vulnerabilities
There are patches or remediations for all the top vulnerabilities, but they’re still being exploited in the wild. Why is that? Well, if you were the...
Welcome to Pentera’s Next Phase of Security
Today we embark on a new journey. One that will have even a bigger impact on our customers, as we continue to contend with the ever-evolving threat ...
Must-Have Features for Security Validation Tools
With an expanded remote workforce and an increase in cyber-attacks over the past year, validating organizational resilience has become a top enterpr...