Home | Resources

Threat & Vulnerability Management

Learn more about our advisory services.

Penetration Testing Methodology Emulating Realistic Attacks by a Malicious Actor

Blog Post

Threat Modeling

Penetration Testing Methodology: Emulating Realistic Attacks by a Malicious Actor

The foundation of VerSprite’s penetration testing methodology is based on emulating realistic attacks by a malicious actor through the use of PASTA (Process for Attack Simulation and Threat Analysis).

Learn more

Security Gaps Found in DeKalb County's Data Center

Video

ATL Channel 2 News Interviews VerSprite CEO on Security Gaps Found in DeKalb Data Center

Tony UcedaVélez, VerSprite CEO, is interviewed about recent report finding security gaps in DeKalb County’s data center: “Environments where you have too many people having access to sensitive areas is naturally a problem…”

Learn more

cloud azure security

Blog Post

Microsoft Azure Cloud Computing

Why an Increasing Number of Clients Are Migrating to Microsoft Azure

Given the noticeable upward trend in Azure adoption, let’s explore more about Azure security, compliance, and its other rich capabilities. In this post we’ll just touch on big picture and what is important to securing your Azure environment.

Learn more

Leveraging PASTA for Strategic Security Operations Management - Exploit Testing

Webinar

Security Controls

Leveraging PASTA Threat Modeling for Strategic Security Operations Management & Exploit Testing

Modeling for threats forces an adversarial lens for security operations team members. Via evidence backed attack simulations, security operations centers (SOC) can define a blueprint for defense that factors in motives, related attack patterns, and realistic targets.

Learn more

Microsoft BlueKeep Vulnerability

Blog Post

Exploitation of Vulnerabilities

Microsoft Windows Remote Code Execution (RCE) Vulnerability: BlueKeep

On June 17, 2019 the Department of Homeland Security (DHS) issued an alert for the Microsoft Windows Remote Code Execution (RCE) vulnerability named BlueKeep and CVE-2019-0708.

Learn more

Microsoft Outlook for Android Vulnerable to Cross-Site Scripting

Blog Post

Microsoft Windows Vulnerabilities

Microsoft Outlook for Android Vulnerable to Cross-Site Scripting

Microsoft published an advisory on a critical vulnerability found in the Microsoft Outlook Android application. The attack happens when an email is sent to the victim with an embedded hidden code.

Learn more

Mozilla Firefox Patches Multiple Zero Days

Blog Post

Web Application Security

Mozilla Firefox Patches Multiple Zero Days

Mozilla Firefox has patched multiple zero days that could lead to arbitrary code being executed remotely. The first vulnerability that was patched was a Universal Cross-site Scripting (UXSS) attack and worked on any Windows, MacOS and Linux device.

Learn more

password

Blog Post

Password Management

NTML Passwords Insecure

Hashcat is the world’s fastest and most advanced password recovery utility. This software on its 6.0.0 beta version can now crack an eight-character Windows NTLM password hash under 2 hours 30 minutes.

Learn more

wordpress

Blog Post

Web Application Security

Critical Vulnerability in WordPress Core

Security researchers at RIPS Technologies GmbH have published research about a critical remote command execution (RCE) in WordPress 5.0. This issue affects all the previous released versions in the past 6 years.

Learn more

We are an international squad of professionals working as one.

Email

[email protected]

logos