Home | Resources

Security Training & Development

Learn more about our advisory services.

Part I: The Fundamentals of Windows Named Pipes

Blog Post

Security Vulnerabilities

In this three-part blog series, we will discuss the mechanics of Windows pipes and how they can be abused by attackers to gain privileged access.

Learn more

Phishing Attacks Through Cloned Websites

Blog Post

Multi-Factor Authentication

During adversarial attack simulations harvesting credentials through phishing are often performed through cloned websites. A cloned website works by copying the front-end (such as the Gmail login page) and hosting it on a domain designed to mimic the real domain.

Learn more

Attacking LastPass: Compromising an Entire Password Database

Blog Post

Man-in-The-Middle (MiTM) Attacks

LastPass is a commonly used cloud-based password management solution that stores hundreds of unique and strong passwords, but what if a user’s entire password database is compromised? While a cloud-based solution to password management is very convenient, it isn’t without its own set of dangers.

Learn more

Preparing Your Microsoft Office 365 Environment for Forensic Analysis

Report

Phishing Attacks

Microsoft’s Office 365 adoption continues among larger enterprises with small and medium size businesses adopting at lower rates. It is important to know that auditing may not be enabled currently in your Microsoft Office 365 environment you manage. Download the step-by-step guide to enabling auditing.

Learn more

How to Approach Integrating Application Security into Your SDLC

Blog Post

Software Development Lifecycle (SDLC)

In this blog post we will take a deeper dive into exactly how to approach integrating security into your Software Development LifeCycle (SDLC). In addition, we will delve into one available resource that provides guidance on how to get started.

Learn more

Phishing Site Uses Google Translate

Blog Post

Malware Protection & Detection

An innovative campaign to spread phishing was recently detected. This attack used the Google translate service to make malicious links appear legitimate when visited only on mobile browsers.

Learn more

Exploitation of Remote WCF Vulnerabilities

Blog Post

In this blog, we’ll be discussing the discovery, analysis, and exploitation of CVE-2019-8917 which is a remotely exploitable WCF vulnerability that we discovered in SolarWinds Orion NPM 12.3.

Learn more

TLS 1.3 and Major TLS Libraries Vulnerable

Blog Post

Social Engineering

Attackers may take over accounts and pose as clients or employees to entice those controlling corporate accounts to divulge information or open malicious documents. These types of scenarios should be incorporated into user awareness training. Do not trust anyone online simply based on who they purport to be.

Learn more

Abusing Insecure Windows Communication Foundation (WCF) Endpoints

Presentation

Exploit Development

A trend that the VerSprite Research team noticed in .NET services is the exposure of dangerous methods through insecure WCF endpoints. Download this presentation for a high-level overview of the WCF terminals and receive a practical analysis.

Learn more

We are an international squad of professionals working as one.

Email

[email protected]

logos