Home | Resources
VerSprite emulates realistic cyber attacks by a malicious actor using PASTA Threat Modeling (Process for Attack Simulation and Threat Analysis). Our risk-based threat modeling methodology consists of 7 stages for simulating cyber attacks and analyzing threats to the organization and application. This allows our pentesters, redteamers, and cybersecurity analysts to help your organization identify critical vulnerabilities and minimize real-world risks associated business impact. Learn More →
software supply chain attack
Vietnam’s government is the latest victim in a string of complex supply chain attacks. This attack targeted the VGCA using a backdoor trojan called PhantomNet. VerSprite’s Threat Intelligence team give a brief overview of the important details you need to know.
Learn more
Bethany Keele
Exploit Development
A web-accessible backdoor was found in affordable Wi-Fi routers sold at Walmart, eBay, and Amazon. In this article, VerSprite experts explore the backdoor vulnerability investigation and provide mitigation solutions.
Peter Vogelberger
Threat Intelligence
With an increase of 43% in social media fraud attacks since 2019, cybercriminals are looking for new ways to exploit platforms such as Twitter, Facebook, LinkedIn, and Instagram.
Versprite
PASTA Threat Modeling
The foundation of VerSprite’s penetration testing service is based on emulating realistic attacks by a malicious actor through the use of PASTA (Process for Attack Simulation and Threat Analysis).
Joaquin Paredes
Cyberwarfare
Modeling for threats forces an adversarial lens for security operations team members. Via evidence backed attack simulations, security operations centers (SOC) can define a blueprint for defense that factors in motives, related attack patterns, and realistic targets.
Given the noticeable upward trend in Azure adoption, let’s explore more about Azure security, compliance, and its other rich capabilities. In this post we’ll just touch on big picture and what is important to securing your Azure environment.
Greg Mosher
Security Vulnerabilities
On June 17, 2019 the Department of Homeland Security (DHS) issued an alert for the Microsoft Windows Remote Code Execution (RCE) vulnerability named BlueKeep and CVE-2019-0708.
Jason Bell
Attack Surface
Microsoft published an advisory on a critical vulnerability found in the Microsoft Outlook Android application. The attack happens when an email is sent to the victim with an embedded hidden code.
Cross-Site Scripting (XSS) Attack
Mozilla Firefox has patched multiple zero days that could lead to arbitrary code being executed remotely. The first vulnerability that was patched was a Universal Cross-site Scripting (UXSS) attack and worked on any Windows, MacOS and Linux device.
Back to Resources
We are an international squad of professionals working as one.
Email
Phone