Home | Resources

Threat & Vulnerability Management

VerSprite Evolved Cybersecurity Consulting

Pasta Threat Modeling

PASTA Threat Modeling: 7 Stages for Simulating Cyber Attacks

VerSprite emulates realistic cyber attacks by a malicious actor using PASTA Threat Modeling (Process for Attack Simulation and Threat Analysis). Our risk-based threat modeling methodology consists of 7 stages for simulating cyber attacks and analyzing threats to the organization and application. This allows our pentesters, redteamers, and cybersecurity analysts to help your organization identify critical vulnerabilities and minimize real-world risks associated business impact.

Learn More →

security awareness

Blog Post

Security Vulnerabilities

Penetration Testing Methodology: Emulating Realistic Attacks by a Malicious Actor

The foundation of VerSprite’s penetration testing service is based on emulating realistic attacks by a malicious actor through the use of PASTA (Process for Attack Simulation and Threat Analysis).

Learn more

Leveraging PASTA for Strategic Security Operations Management - Exploit Testing

Webinar

Exploit Development

Leveraging PASTA Threat Modeling for Strategic Security Operations Management & Exploit Testing

Modeling for threats forces an adversarial lens for security operations team members. Via evidence backed attack simulations, security operations centers (SOC) can define a blueprint for defense that factors in motives, related attack patterns, and realistic targets.

Learn more

cloud azure security

Blog Post

Security Vulnerabilities

Why an Increasing Number of Clients Are Migrating to Microsoft Azure

Given the noticeable upward trend in Azure adoption, let’s explore more about Azure security, compliance, and its other rich capabilities. In this post we’ll just touch on big picture and what is important to securing your Azure environment.

Learn more

Microsoft BlueKeep Vulnerability

Blog Post

Security Vulnerabilities

Microsoft Windows Remote Code Execution (RCE) Vulnerability: BlueKeep

On June 17, 2019 the Department of Homeland Security (DHS) issued an alert for the Microsoft Windows Remote Code Execution (RCE) vulnerability named BlueKeep and CVE-2019-0708.

Learn more

Microsoft Outlook for Android Vulnerable to Cross-Site Scripting

Blog Post

Cross-Site Scripting (XSS) Attack

Microsoft Outlook for Android Vulnerable to Cross-Site Scripting

Microsoft published an advisory on a critical vulnerability found in the Microsoft Outlook Android application. The attack happens when an email is sent to the victim with an embedded hidden code.

Learn more

Mozilla Firefox Patches Multiple Zero Days

Blog Post

Exploitation of Vulnerabilities

Mozilla Firefox Patches Multiple Zero Days

Mozilla Firefox has patched multiple zero days that could lead to arbitrary code being executed remotely. The first vulnerability that was patched was a Universal Cross-site Scripting (UXSS) attack and worked on any Windows, MacOS and Linux device.

Learn more

password

Blog Post

NTML Passwords Insecure

Hashcat is the world’s fastest and most advanced password recovery utility. This software on its 6.0.0 beta version can now crack an eight-character Windows NTLM password hash under 2 hours 30 minutes.

Learn more

wordpress

Blog Post

Security Vulnerabilities

Critical Vulnerability in WordPress Core

Security researchers at RIPS Technologies GmbH have published research about a critical remote command execution (RCE) in WordPress 5.0. This issue affects all the previous released versions in the past 6 years.

Learn more

Over the last couple of days, an innovative campaign to spread phishing was detected. This attack used the Google translate service to make malicious links appear legitimate when visited only on mobile browsers.

Blog Post

Security Awareness Training

Phishing Site Uses Google Translate

An innovative campaign to spread phishing was recently detected. This attack used the Google translate service to make malicious links appear legitimate when visited only on mobile browsers.

Learn more

We are an international squad of professionals working as one.

Email

[email protected]

logos