Topics
Business Risk as a Guide for Cybersecurity Remediation
We all know the culprits. Cloud adoption, remote and hybrid work arrangements and a long list of must-have technologies have led to an ever-expandin...

Managing Legacy Infrastructure for Security

Every company has some level of tech debt. Unless you’re a brand new start-up, you most likely have a patchwork of solutions that have been impleme...

Risks of LOLBAS in Security

Living Off the Land Binaries and Scripts (LOLBAS) represent a stealthy and growing threat in cybersecurity. By using trusted system utilities for ma...

Securing Neglected Network Protocols

The rapid pace of technological advancements constantly creates new attack vectors and attack surfaces. Consequently, it is critical to constantly st...

Penetration Testing Trends: A 2023 Perspective

Penetration testing trends are more critical than ever. In the past 24 months, over 88% of organizations have been breached. Nearly nine out of ten ...

Finding MSSQL Database Version with TDS Protocol

The version of an MSSQL database provides valuable information that cyber attackers can exploit. With the version details in hand, they can attempt ...

Reducing Exposure on the Manufacturing Attack Surface

Digitalization initiatives are connecting once-isolated Operational Technology (OT) environments with their Information Technology (IT) counterparts...

Proactive and Preventative Security Measures

Despite major investments in their security suites, organizations continue to be breached. Our Co-founder and CTO, Arik Liberzon, recently sat down ...

Securing MongoDB with Data-at-Rest Encryption

In this post, we will examine one method of encrypting data-at-rest, specifically how to achieve Data-at-Rest Encryption for MongoDB Community Editi...
Best Practices for Migrating from CentOS to Ubuntu

After CentOS 8 was declared end-of-life (EOL), we had to plan a CentOS to Ubuntu migration as an alternative operating system (OS) for our on-premis...

Effective Strategies for Bypassing Antivirus

In this article, we will show how it’s possible to use reflective loading to run Mimikatz while evading detection by Windows Defender. While this is...

Assessing Your Attack Surface from an Attacker’s Perspective

In the era of digitization and ever-changing business needs, the production environment has become a living organism. Multiple functions and teams w...

Techniques for Bypassing Air-Gapped Networks

'Air-gapped' networks are often considered the gold standard for isolating sensitive systems from external threats. However, these net...

Limitations of CVE Management as a Primary Strategy

With only about 15% of vulnerabilities actually exploitable, patching every vulnerability is not an effective use of time. As a...

Enhancing QA with Shift-Left Testing

This article is part of Pentera’s Engineering Series – a behind-the-scenes look at the technologies we develop to keep companies secure. In this pie...
Steps to Mitigate Credential Exposure Risks

Every year, billions of credentials appear online, be it on the dark web, clear web, paste sites, or in data dumps shared by cybercriminals. These c...

WiFi, the untested attack surface

Much of a company’s assets are connected to Wi-Fi networks. However, security teams are often less likely to validate these networks. This pushed us...

The Ultimate Security Validation Checklist for CISOs

If you're heading out of the office on a well-deserved vacation, are you certain the security controls you have in place will let you rest easy whil...