Home | Resources

Security Training & Development

Learn more about our advisory services.

Phishing Attacks Through Cloned Websites

Blog Post

Phishing Attacks

During adversarial attack simulations harvesting credentials through phishing are typically performed through cloned websites. A cloned website works by essentially copying the front-end (such as the Gmail login page) and hosting it on a domain designed to mimic the real domain (gmail.com vs. gmail.com-google.net).

Learn more

Attacking LastPass: Compromising an Entire Password Database

Blog Post

Man-in-The-Middle (MiTM) Attacks

LastPass is a commonly used cloud-based password management solution that stores hundreds of unique and strong passwords, but what if a user’s entire password database is compromised? While a cloud-based solution to password management is very convenient, it isn’t without its own set of dangers.

Learn more

Preparing Your Microsoft Office 365 Environment for Forensic Analysis

Report

Phishing Attacks

Microsoft’s Office 365 adoption continues among larger enterprises with small and medium size businesses adopting at lower rates. It is important to know that auditing may not be enabled currently in your Microsoft Office 365 environment you manage. Download the step-by-step guide to enabling auditing.

Learn more

How to Approach Integrating Application Security into Your SDLC

Blog Post

Continuous Integration & Continuous Delivery (CI/CD)

In this blog post we will take a deeper dive into exactly how to approach integrating security into your Software Development LifeCycle (SDLC). In addition, we will delve into one available resource that provides guidance on how to get started.

Learn more

Phishing Site Uses Google Translate

Blog Post

Google Security

An innovative campaign to spread phishing was recently detected. This attack used the Google translate service to make malicious links appear legitimate when visited only on mobile browsers.

Learn more

Exploitation of Remote WCF Vulnerabilities

Blog Post

In this blog, we’ll be discussing the discovery, analysis, and exploitation of CVE-2019-8917 which is a remotely exploitable WCF vulnerability that we discovered in SolarWinds Orion NPM 12.3.

Learn more

TLS 1.3 and Major TLS Libraries Vulnerable

Blog Post

Social Engineering

Attackers may take over accounts and pose as clients or employees to entice those controlling corporate accounts to divulge information or open malicious documents. These types of scenarios should be incorporated into user awareness training. Do not trust anyone online simply based on who they purport to be.

Learn more

Abusing Insecure Windows Communication Foundation (WCF) Endpoints

Presentation

Windows Security Vulnerabilities

A trend that the VerSprite Research team noticed in .NET services is the exposure of dangerous methods through insecure WCF endpoints. Download this presentation for a high-level overview of the WCF terminals and receive a practical analysis.

Learn more

Evolving with Cybercriminals: How to Respond to Social Engineering Techniques

Ebook

As cybercriminals evolve their tactics in social engineering, we too must evolve our procedures in response and prevention. Learn more about social engineering trends and discover how to protect your organization against cybercriminals.

Learn more

We are an international squad of professionals working as one.

Email

[email protected]

logos