Topics
How Attackers Can Achieve a DoS Attack in Microsoft Active Directory
In this blog, we explore how attackers can exploit a limitation in Active Directory (AD) Security Identifiers (SIDs) to lock users out of the domain w...
Continuous Security Validation Against AI-Driven Threats – A Field CISO’s Insights
Despite substantial investments in cybersecurity, breaches keep happening—especially as AI changes the game for attackers and defenders alike. This sh...
Why Proactive Cybersecurity Starts with Attack Surface Management (ASM)
The last couple of years will be remembered for many things in cybersecurity, but the MOVEit breach stands out as a painful lesson in what happens whe...
Prove Your Defenses Work with Continuous Security Validation
The European energy sector’s recent takedown showed just how fast even strong defenses can crumble in the face of the increasing sophistication of cyb...
What CISOs Need to Know About the New SEC Cybersecurity Guidelines
The new SEC guidelines released July 26 2023 and effective December 18 2023 mark a significant shift in how organizations must approach cybersecurity....
Why Pay a Pentester? The Shift to Automated Penetration Testing
The evolution of software always catches us by surprise. I remember betting against the IBM computer Deep Blue during its chess match against the gran...
Comparing On-premise vs. Cloud-Based Penetration Testing Strategies
As cloud infrastructure adoption grows, it's a mistake to assume that these environments are inherently secure. In fact, as reported by StrongDM, “pub...
Ransomware Readiness Strategies: How to Protect Your Organization
Ransomware Readiness Strategies: Are You Prepared?
If this question is keeping you up at night, you’re certainly not alone. The threat is tangibly ...
How Susceptible are Your Linux Machines to a Ransomware Attack?
Ransomware targeting Linux machines is becoming increasingly common. While the vast majority of ransomware is still designed to target Windows systems...
Begin your security validation journey
Request a demo
Emulating Cryptomining Attacks: A Deep Dive into Resource Draining with GPU Programming
Cryptomining has surged in popularity, driven by the growing value of cryptocurrencies like Bitcoin and Ethereum. With leaked credentials easier than ...
Aligning Security Testing with IT Infrastructure Changes
With 73% of organizations tweaking their IT setups every quarter, it’s concerning that only 40% are aligning their security checks accordingly. This f...
Meeting the DORA Mandate: Approaching ICT Risk Management with Pentera
The countdown to January 2025 is on, and for financial institutions in Europe, the Digital Operational Resilience Act (DORA) isn’t just another regula...
Identity Breaches in 2024 – An Ounce of Hygiene is Worth a Pound of Technology
Identity is a key to open a door
Who are you? Yes, you reading. Who are you?
There’s probably a lot of ways you can answer that question, and that...
The Kubernetes Attack Surface
Do you remember the days when cyber security was easy? That never happened. But even though it was hard, we knew what we needed to do; which user perm...
Blueprint for Success: How to Implement the CTEM Framework
The attack surface isn’t what it once was and it’s becoming a nightmare to protect. If you’re wondering how to implement the CTEM framework, this blog...
Surviving LockBit Lessons from a Ransomware Attack
What Happened During the LockBit Attack?
On April 13, 2023, we were hit hard. The University of Health Sciences and Pharmacy (UHSP) faced a serious a...
Return of the RCE: Addressing the regreSSHion Vulnerability – CVE-2024-6387
A Regrettable Resurgence
On July 1, 2024, the Qualys Threat Research Unit (TRU) published their discovery of an unauthenticated remote code executio...
Zero footprint attacks: 3 steps to bypass EDR with reflective loading
EDR (Endpoint Detection and Response) evasion techniques are becoming increasingly common amongst attackers as they evolve their strategies to bypass ...