From Compliance to Confidence: Achieving CMMC 2.0 Certification
For many contractors, navigating the complexities of CMMC compliance presents significant challenges. The Cybersecurity Maturity Model Certification (...
Continuous Ransomware Validation: Why Annual Testing Is No Longer Enough
Ransomware isn’t just a security issue; it’s a business problem that’s grown too big to ignore. What started as floppy-disk attacks back in the 1980s ...
What is BAS 2.0 and Why You Need It
In a fast-evolving threat landscape, traditional Breach and Attack Simulation (BAS) tools are limited. Built based on predefined scenarios, they’re gr...
How to Prioritize Vulnerabilities Effectively
There are patches or remediations for all the top vulnerabilities, but they’re still being exploited in the wild. How is that? Well, if you were the a...
How DTCC Upgraded their SOC into a Cyber Threat Fusion Center
By Shawn Baird, Associate Director, Offensive Security and Tactics, DTCC
Based on a session given at PenteraCon 2024
When the speed and complexity...
Forti-fied? Logging blind spot revealed in FortiClient VPN
Virtual private networks (VPNs) have become widely used by enterprises for secure remote network access to protect sensitive data. This critical role ...
What’s Behind the Rising Costs of Data Breaches?
Data breaches are more costly than ever, averaging USD 4.88 million in 2024—a 10% rise. This spike is largely due to increased expenses related to los...
Two New Zero-Day Vulnerabilities Uncovered in FortiClient VPN
Introduction
Our latest research from Pentera Labs uncovers high-severity Fortinet vulnerability CVE-2024-47574, exposing risks in FortiClient's use ...
APT Attacks: The Sith Lords of the Cyber World
Advanced Persistent Threats (APTs) are like the Sith Lords of the cyber world—stealthy, relentless, and always lurking in the shadows. Mentioning them...
Begin your security validation journey
Request a demo
Best Practices for Migrating from CentOS to Ubuntu
After CentOS 8 was declared end-of-life (EOL), we had to find an alternative operating system (OS) for our on-premise solution, as did many other te...
Effective Strategies for Bypassing Antivirus
In this article, we will show how it’s possible to use reflective loading to run Mimikatz while evading detection by Windows Defender. While this is...
Assessing Your Attack Surface from an Attacker’s Perspective
In the era of digitization and ever-changing business needs, the production environment has become a living organism. Multiple functions and teams w...
Techniques for Bypassing Air-Gapped Networks
In order to protect an organization’s critical assets from Internet access, IT teams often create isolated or ‘air-gapped’ networks. These networks ...
Limitations of CVE Management as a Primary Strategy
With only about 15% of vulnerabilities actually exploitable, patching every vulnerability is not an effective use of time.
As a...
Enhancing QA with Shift-Left Testing
This article is part of Pentera’s Engineering Series – a behind-the-scenes look at the technologies we develop to keep companies secure. In this pie...
Steps to Mitigate Credential Exposure Risks
Every year, billions of credentials appear online, be it on the dark web, clear web, paste sites, or in data dumps shared by cybercriminals. These c...
WiFi, the untested attack surface
Much of a company’s assets are connected to Wi-Fi networks. However, security teams are often less likely to validate these networks. This pushed us...
The Ultimate Security Validation Checklist for CISOs
If you're heading out of the office on a well-deserved vacation, are you certain the security controls you have in place will let you rest easy whil...