Home | Resources
VerSprite emulates realistic cyber attacks by a malicious actor using PASTA Threat Modeling (Process for Attack Simulation and Threat Analysis). Our risk-based threat modeling methodology consists of 7 stages for simulating cyber attacks and analyzing threats to the organization and application. This allows our pentesters, redteamers, and cybersecurity analysts to help your organization identify critical vulnerabilities and minimize real-world risks associated business impact. Learn More →
gnu/linux
As we discussed in the previous parts, the Linux Kernel is a collection of code written entirely in C. This is important to keep in mind while we are dealing with the attack floats because the vulnerabilities found in the Linux Kernel can be found in any executable file written using the C programming language.
Learn more
Batuhan Irmak
ubuntu (operating system)
In this section, we explore how these boundaries and privileges are shaped and even how they can change. We analyze User Mode and Kernel Mode, what the modes were developed for, and how the two are related.
kernel
In the next series of articles, we conduct extensive research on Linux operating system. We do a deep dive into its architecture, strengths, vulnerabilities, and optimal ways to mitigate threats to the system
Web Application Security
Universally Unique IDentifiers, also known as UUIDs or GUIDs, are 128-bit numbers used to uniquely identify information in computer systems. As the name implies, UUIDs should be for practical purposes unique and ideally hard to guess. BUT BE CAREFUL! An attacker might be able to predict future UUIDs.
Matias Choren
Transport Layer Security (TLS)
Even if your organization is running a backend web service that doesn’t support HTTPS, there are still options to use HTTPS, such as using Let’s Encrypt and Nginx. Transport Layer Security (TLS) is very important to protect your website from malicious code injections.
Mark Rood
Man-in-The-Middle (MiTM) Attacks
When performing red teaming engagements, you typically have to assess the Wireless infrastructure used by the target in an attempt to find a way to set foot on their network infrastructure, and then search for completing your goals (which usually include obtaining sensitive business data or accessing critical systems).
Juan Caillava
Security Vulnerabilities
A critical issue has been discovered in Chrome that allows malicious attackers to escape the browser’s sandbox and execute code on the underlying operating system.
Zach Varnell
Attackers may take over accounts and pose as clients or employees to entice those controlling corporate accounts to divulge information or open malicious documents. These types of scenarios should be incorporated into user awareness training. Do not trust anyone online simply based on who they purport to be.
Google Security
As of the latest release of Chrome, sites not using TLS encryption are being called out in the address bar. Users will now see a “Not Secure” label when visiting sites over plain HTTP, even if the site does not transmit sensitive information.
Back to Resources
We are an international squad of professionals working as one.
Email
Phone
