Home | Resources

Security Training & Development

Learn more about our advisory services.

hacking passwords

Blog Post

Social Engineering

Phishing Attacks Through Cloned Websites

During adversarial attack simulations harvesting credentials through phishing are often performed through cloned websites. A cloned website works by copying the front-end (such as the Gmail login page) and hosting it on a domain designed to mimic the real domain.

Learn more

4 Fundamentals of Microsoft Windows Pipes

Blog Post

Microsoft Windows Vulnerabilities

Part I: The Fundamentals of Windows Named Pipes

In this three-part blog series, we will discuss the mechanics of Windows pipes and how they can be abused by attackers to gain privileged access.

Learn more

Attacking LastPass: Compromising an Entire Password Database

Blog Post

Security Vulnerabilities

Attacking LastPass: Compromising an Entire Password Database

LastPass is a commonly used cloud-based password management solution that stores hundreds of unique and strong passwords, but what if a user’s entire password database is compromised? While a cloud-based solution to password management is very convenient, it isn’t without its own set of dangers.

Learn more

forensic analysis

Report

Phishing Attacks

Preparing Your Microsoft Office 365 Environment for Forensic Analysis

Microsoft’s Office 365 adoption continues among larger enterprises with small and medium size businesses adopting at lower rates. It is important to know that auditing may not be enabled currently in your Microsoft Office 365 environment you manage. Download the step-by-step guide to enabling auditing.

Learn more

Data Management and Security Controls

Blog Post

Continuous Integration & Continuous Delivery (CI/CD)

How to Approach Integrating Application Security into Your SDLC

In this blog post we will take a deeper dive into exactly how to approach integrating security into your Software Development LifeCycle (SDLC). In addition, we will delve into one available resource that provides guidance on how to get started.

Learn more

Over the last couple of days, an innovative campaign to spread phishing was detected. This attack used the Google translate service to make malicious links appear legitimate when visited only on mobile browsers.

Blog Post

Email Forensics

Phishing Site Uses Google Translate

An innovative campaign to spread phishing was recently detected. This attack used the Google translate service to make malicious links appear legitimate when visited only on mobile browsers.

Learn more

Exploitation-Remote-WCF-Vulnerabilities

Blog Post

Microsoft Windows Vulnerabilities

Exploitation of Remote WCF Vulnerabilities

In this blog, we’ll be discussing the discovery, analysis, and exploitation of CVE-2019-8917 which is a remotely exploitable WCF vulnerability that we discovered in SolarWinds Orion NPM 12.3.

Learn more

transport layer security

Blog Post

Security Awareness Training

TLS 1.3 and Major TLS Libraries Vulnerable

Attackers may take over accounts and pose as clients or employees to entice those controlling corporate accounts to divulge information or open malicious documents. These types of scenarios should be incorporated into user awareness training. Do not trust anyone online simply based on who they purport to be.

Learn more

Abusing Insecure Windows Communication Foundation (WCF) Endpoints

Presentation

Exploitation of Vulnerabilities

Abusing Insecure Windows Communication Foundation (WCF) Endpoints

A trend that the VerSprite Research team noticed in .NET services is the exposure of dangerous methods through insecure WCF endpoints. Download this presentation for a high-level overview of the WCF terminals and receive a practical analysis.

Learn more

We are an international squad of professionals working as one.

Email

[email protected]

logos