What is BAS 2.0 and Why You Need It
In a fast-evolving threat landscape, traditional Breach and Attack Simulation (BAS) tools are limited. Built based on predefined scenarios, they’re gr...

How to Prioritize Vulnerabilities Effectively

There are patches or remediations for all the top vulnerabilities, but they’re still being exploited in the wild. How is that? Well, if you were the a...

How DTCC Upgraded their SOC into a Cyber Threat Fusion Center

By Shawn Baird, Associate Director, Offensive Security and Tactics, DTCC Based on a session given at PenteraCon 2024 When the speed and complexity...

Forti-fied? Logging blind spot revealed in FortiClient VPN

Virtual private networks (VPNs) have become widely used by enterprises for secure remote network access to protect sensitive data. This critical role ...

What’s Behind the Rising Costs of Data Breaches?

Data breaches are more costly than ever, averaging USD 4.88 million in 2024—a 10% rise. This spike is largely due to increased expenses related to los...

Two New Zero-Day Vulnerabilities Uncovered in FortiClient VPN

Introduction Our latest research from Pentera Labs uncovers high-severity Fortinet vulnerability CVE-2024-47574, exposing risks in FortiClient's use ...
2024 State of Pentesting Survey
Download

APT Attacks: The Sith Lords of the Cyber World

Advanced Persistent Threats (APTs) are like the Sith Lords of the cyber world—stealthy, relentless, and always lurking in the shadows. Mentioning them...

How Attackers Can Achieve a DoS Attack in Microsoft Active Directory

In this blog, we explore how attackers can exploit a limitation in Active Directory (AD) Security Identifiers (SIDs) to lock users out of the domain w...

Continuous Security Validation Against AI-Driven Threats – A Field CISO’s Insights

Despite substantial investments in cybersecurity, breaches keep happening—especially as AI changes the game for attackers and defenders alike. AI-driv...
Begin your security validation journey
Request a demo
Book your demo now >
Assessing Your Attack Surface from an Attacker’s Perspective
In the era of digitization and ever-changing business needs, the production environment has become a living organism. Multiple functions and teams w...

Techniques for Bypassing Air-Gapped Networks

In order to protect an organization’s critical assets from Internet access, IT teams often create isolated or ‘air-gapped’ networks. These networks ...

Limitations of CVE Management as a Primary Strategy

With only about 15% of vulnerabilities actually exploitable, patching every vulnerability is not an effective use of time.   As a...

Enhancing QA with Shift-Left Testing

This article is part of Pentera’s Engineering Series – a behind-the-scenes look at the technologies we develop to keep companies secure. In this pie...
5 steps to mitigate risk of credential exposure
Steps to Mitigate Credential Exposure Risks
Every year, billions of credentials appear online, be it on the dark web, clear web, paste sites, or in data dumps shared by cybercriminals. These c...

WiFi, the untested attack surface

Much of a company’s assets are connected to Wi-Fi networks. However, security teams are often less likely to validate these networks. This pushed us...

The Ultimate Security Validation Checklist for CISOs

If you're heading out of the office on a well-deserved vacation, are you certain the security controls you have in place will let you rest easy whil...

The Shift from Port 445 to Port 135 in Cybersecurity

If it was possible to nominate a command-line utility for an award, PsExec would definitively win the most useful category. This tool allows adminis...
The Buyer's Guide to Security Validation
Download

Protecting Data from XSS Vulnerabilities in Azure

Cloud-based services are a growing asset for enterprises to optimize scale and reduce deployment efforts. In our research, we found a web XSS...