Research team’s publications explaining recent adversary techniques are shared with the cybersecurity defenders community.
Boston & Tel Aviv, Israel — May 31, 2022 — Pentera, the leader in Automated Security Validation, today unveiled its research arm, Pentera Labs. The company has made its recent publications available to any cyber defender to help them identify, analyze and mitigate new adversary tactics and techniques in the wild.
Pentera Labs is led by Alex Spivakovsky, VP of Research, and consists of two dozen world-class cyber researchers who formerly served in elite Israeli defense forces intelligence units. It serves as the research powerhouse behind Pentera’s Automated Security Validation platform.
The Pentera Labs team actively monitors threat intelligence feeds to identify new critical vulnerabilities and the latest attack techniques used by adversaries. These findings are synthesized and fed into the Pentera platform to continually enhance its security testing capabilities. This enables subscribers of the Pentera platform to keep their security validation program abreast of the latest attack techniques and grow their cyber resilience.
Through its ongoing research, Pentera Labs recently discovered and disclosed two zero-day vulnerabilities in VMWare vCenter, potentially exposing more than 500,000 organizations globally.
As part of its public contribution, Pentera Labs recently submitted new attack techniques to the MITRE ATT&CK framework, becoming an official contributor to the globally-accessible knowledge base of adversary tactics and techniques.
“Every day, Pentera Labs’ research team steps into an adversary’s mindset to safely probe the security controls protecting top enterprises,” said Alex Spivakovsky. “Pentera Labs’ findings are fueling the engine that powers the Pentera platform with research-based threat intelligence, providing our customers with the latest information on real-world vulnerabilities and attack techniques. By sharing Pentera Labs’ research with the greater security community, we are proud to be helping security practitioners all around the globe efficiently detect and remediate threats and security gaps before they are exploited.”
Experts from Pentera will be on-hand to demonstrate the industry’s first unified Automated Security Validation platform for both internal and external threats at the RSA Conference (booth #4215), taking place June 6-9 in San Francisco. Register now to reserve time during RSAC to speak with a member of the Pentera team and receive a demonstration of the platform: go.pentera.io/rsa-2022.
Pentera is the category leader for Automated Security Validation, allowing every organization to easily test the integrity of all cybersecurity layers, unfolding accurate, current security exposures at any moment, at any scale. Thousands of security professionals and service providers worldwide use Pentera to guide remediation and close security gaps before they are exploited. For more info, visit pentera.io.
How we improved our QA with Shift-Left testing
This article is part of Pentera’s Engineering Series – a behind-the-scenes look at the technologies we develop to keep companies secure. In this piece, we look at the testing processes that we use to QA our platform and deliver a high-quality solution. It almost goes without saying that testing is a critical part of the...
Five steps to mitigate the risk of credential exposure
Every year, billions of credentials appear online, be it on the dark web, clear web, paste sites, or in data dumps shared by cybercriminals. These credentials are often used for account takeover attacks, exposing organizations to breaches, ransomware, and data theft. While CISOs are aware of growing identity threats and have multiple tools in their...
WiFi – The Untested Attack Surface
Much of a company’s assets are connected to Wi-Fi networks. However, security teams are often less likely to validate these networks. This pushed us to wonder what we might find if we were to test a corporate WiFi network. After running the Pentera platform™️ over Wi-Fi, we found several vulnerabilities, which helped us gain insight...