Home | Resources

Mobile Security Testing

VerSprite Evolved Cybersecurity Consulting

Pasta Threat Modeling

PASTA Threat Modeling: 7 Stages for Simulating Cyber Attacks

VerSprite emulates realistic cyber attacks by a malicious actor using PASTA Threat Modeling (Process for Attack Simulation and Threat Analysis). Our risk-based threat modeling methodology consists of 7 stages for simulating cyber attacks and analyzing threats to the organization and application. This allows our pentesters, redteamers, and cybersecurity analysts to help your organization identify critical vulnerabilities and minimize real-world risks associated business impact.

Learn More →

pasta-threat-modeling-versprite

Ebook

Process for Attack Simulation & Threat Analysis

Risk-Based Security Threat Modeling: 7 Step Process for Risk Analysis

PASTA is the Process for Attack Simulation and Threat Analysis and is a risk-based threat modeling methodology aimed at identifying viable threat patterns against an application or system environment. The goal is to align business objectives with technical requirements while taking into account business impact analysis and compliance requirements.

Learn more

threat modeling

Ebook

The Process for Attack Simulation and Threat Analysis

PASTA is the Process for Attack Simulation & Threat Analysis and is a risk-centric threat modeling methodology aimed at identifying viable threat patterns against an application or system environment.

Learn more

Over the last couple of days, an innovative campaign to spread phishing was detected. This attack used the Google translate service to make malicious links appear legitimate when visited only on mobile browsers.

Blog Post

Email Forensics

Phishing Site Uses Google Translate

An innovative campaign to spread phishing was recently detected. This attack used the Google translate service to make malicious links appear legitimate when visited only on mobile browsers.

Learn more

How Hackers Control and Steal Vehicles Remotely

Blog Post

Reverse Engineering

Hacking an Aftermarket Remote Start System

In part two of this series, we’ll dive deeper into the technical specifications of the CarLinkBT module. We’ll also discuss the dynamic analysis and testing performed to confirm our findings. Finally, we’ll walk through the process of developing an exploit for this vulnerability.

Learn more

Amazon Web Services (AWS) Cloud Security

Blog Post

Amazon Web Services (AWS)

How Hackers Can Attack Your Amazon Web Services (AWS) Resources

Stolen credentials remain the number one action in cybersecurity breaches. However, attackers still have other routes to your systems and data. Once you secure your AWS IAM, where do you focus next? In this piece we will look at securing AWS resources that can be attacked directly through the network.

Learn more

Hacking an Aftermarket Remote Start System

Blog Post

Exploit Development

How Hackers Control & Steal Vehicles Remotely

The trend of automotive security research began in the 2010s and has resulted in the discovery of several critical security issues within modern vehicles. Hackers have repeatedly demonstrated their ability to remotely track, steal, and control a variety of unaltered vehicles.

Learn more

android vulnerabilities and exploits

Blog Post

Exploitation of Vulnerabilities

Why Androids are a Prime Target for Hackers

The Android operating system and the mobile devices it runs on dominate the market in comparison to other device manufactures. Along with the market share, the Android ecosystem is heavily fragmented; that is to say many individuals are still using older versions of the Android operating system.

Learn more

Android's JIT

Video

JEA Just-Enough-Administration

Deep Dive into the Dalvik Virtual Machine’s JIT Implementation

VerSprite’s Director of Security Research, Ben Watson, takes a deep dive into the Dalvik Virtual Machine’s JIT implementation and how it can be used and abused to execute shellcode.

Learn more

XML EXTERNAL ENTITY processing xxe

Blog Post

XML Vulnerabilities

XML EXTERNAL ENTITY (XXE) Processing

According to the 2017 OWASP Top 10, XML External Entity (XXE) processing is has taken the number spot for critical web application security risks.

Learn more

We are an international squad of professionals working as one.

Email

[email protected]

logos