VerSprite Security Resources

When it comes to vendor risk, what are the pros and cons of product and custom managed services? Which is better for your organization? Download the guide to learn what to consider in your decision process.

In part II of this three-part series, we dive deeper into hands on examples of identifying usage of named pipe servers within applications using a custom vulnerable application. The methods covered to achieve this goal is through usage of both dynamic and static analysis.

Use of public cloud infrastructure is now commonplace with nearly $60 billion spent annually. Of course, there are good reasons for this as Infrastructure and Platform as a Service provide several advantages over traditional in-house hosting. VerSprite shares key principles that will help you manage your cloud security risk.

During adversarial attack simulations harvesting credentials through phishing are often performed through cloned websites. A cloned website works by copying the front-end (such as the Gmail login page) and hosting it on a domain designed to mimic the real domain.

In previous posts, we have covered security around Azure and AWS cloud solutions and now it’s time to look at the third big contestant, Google Cloud Platform.

In this three-part blog series, we will discuss the mechanics of Windows pipes and how they can be abused by attackers to gain privileged access.

Cybersecurity and geopolitics are inextricably linked. To holistically tackle threats to our information security, we must take a step back and examine their causal roots and drivers, which take place day after day on the international stage.

VerSprite’s Research team uncovers silently patched information leak within Win32k Windows 10 v1709 to v1903. Exploitation of this vulnerability allows attackers to leak the value of win32kbase!gahDpiDepDefaultGuiFonts. Read the N-Day vulnerability and exploit analysis here.

Even if your organization is running a backend web service that doesn’t support HTTPS, there are still options to use HTTPS, such as using Let’s Encrypt and Nginx. Transport Layer Security (TLS) is very important to protect your website from malicious code injections.