New module leverages data from billions of real-world leaked credentials to expose compromised identity threats to internal and external attack surfaces
Boston and Tel Aviv, August 8, 2022 – Pentera, the leader in Automated Security Validation, today announced Credential Exposure, a new module on the Pentera® platform for testing stolen and compromised credentials against the complete enterprise attack surface.
Leaked and stolen credentials pose a critical risk to organizations everywhere. The 2022 Data Breach Investigations Report (DBIR) indicates that over 80% of Web Application breaches involve compromised credentials. Every year, billions of credentials appear on the dark web, paste sites, and in data dumps shared by cyber-criminals. These credentials are often used for account takeover attacks, exposing organizations to breaches, ransomware, and data theft.
The Pentera platform combines real-world leaked credential data with its active validation engine to challenge both internal and external attack surfaces. The platform leverages these hashed or clear text credentials in millions of attack vectors, and provides actionable credential exposure mitigation steps such as password reset, or hardening users’ MFA policies and limiting privileges at risk in near real-time.
“We see a dramatic increase in identity related threats, specifically in the number of leaked credentials available to attackers. These, alongside credential stuffing techniques allow attackers to gain access to valid accounts, resulting in a breach” said Ran Tamir, Chief Product Officer at Pentera, “By integrating leaked credentials threat intelligence into Pentera, we offer our customers a unique solution of actionable threat intelligence based on credentials that are already available online. This enables continuous validation of account exposure and a remediation plan before the accounts are compromised”.
The Pentera Credential Exposure (CE) module will be demoed at Pentera’s booth at Black Hat 2022 in Las Vegas, and generally be available starting Oct 2022. To schedule a demo please click here, or drop by our booth (#1774).
Pentera is the category leader for Automated Security Validation, allowing every organization to test with ease the integrity of all cybersecurity layers, unfolding true, current security exposures at any moment, at any scale. Thousands of security professionals and service providers around the world use Pentera to guide remediation and close security gaps before they are exploited. For more info, visit: pentera.io.
Evading Detection: From Inception to Reality
In this article, we will show how it’s possible to use reflective loading to run Mimikatz while evading detection by Windows Defender. While this is a known attack method, recent improvements in windows defender blocked the method from working properly, so we needed to find a new way to handle dependencies. Read on to see...
When Being Attractive Gets Risky – How Does Your Attack Surface Look to an Attacker?
In the era of digitization and ever-changing business needs, the production environment has become a living organism. Multiple functions and teams within an organization can ultimately impact the way an attacker sees the organization’s assets, or in other words, the external attack surface. This dramatically increases the need to define an exposure management strategy. To...
Bypassing “air-gapped” networks via DNS
In order to protect an organization’s critical assets from Internet access, IT teams often create isolated or ‘air-gapped’ networks. These networks are often considered inherently untouchable. While air-gapped networks may not have direct access to the Internet, they still often require DNS services in order to resolve a company’s internal DNS records. This will prove...