The Risk of Domain Exposure In Running SSL Server Test and How to Prevent It
All it takes is one click. In this article, find out how domain exposure can come about as you conduct an SSL Server Test and what you can do to prevent it.
Privasec RED
Webinar | Play, Learn, Hear — Cybersecurity x Data Centre Webinar
In the recent webinar ‘Play, Learn, Hear — Cybersecurity x Data Centre Webinar‘ organised by Singapore Computer Society (SCS), Privasec RED Consultant Jonah Tan joined as one of the speakers in the sharing session. It was a day filled with much cybersecurity goodness lined up for the audience, where the cyber security skills of the …
Webinar | Play, Learn, Hear — Cybersecurity x Data Centre Webinar Read More »
SINCON 2021 | CXO Brief
The Privasec team represented by Shamane Tan (Chief Growth Officer), Lim Quan Heng (Regional Head of Privasec Asia) had the privilege to speak alongside leaders and experts in the cyber security field at the recent SINCON 2021’s CXO Brief. It was an enjoyable and insightful discussion where the team heard from like-minded industry leaders from around …
PDF Generator Best Practices
The dangers of using server-side PDF generation technologies without properly sanitising user input.
Demystifying Two Different Worlds: A Look into ISO 27001 and Red Teaming
Red Team Attack Simulations mimic an adversary attacking your organisation. Red Team Attack Simulations enable you to understand and improve upon your ability to identify and respond to an adversary tyring to access your systems or information.
But what actually happens during a Red Team and how does an Attack Simulation work in practise?
What happens during a Red Team Attack Simulation?
Red Team Attack Simulations mimic an adversary attacking your organisation. Red Team Attack Simulations enable you to understand and improve upon your ability to identify and respond to an adversary tyring to access your systems or information.
But what actually happens during a Red Team and how does an Attack Simulation work in practise?
ZenTao CMS – A Monkey’s journey to Priv Esc & Remote Code Execution
This article explores Zentao, understanding how its routing works, and identifying several vulnerabilities that lead to an attack chain that an attacker can execute in order to achieve remote code execution.
Red, Blue, Purple, White, Black & Gold Team
For everyone who’s asking, what are the differences with a Red team, Blue and Purple, Black, White and Gold? Find out more here!
The Benefits Of Infrastructure As Code
Check out our Senior Red Consultant’s talk at the recent CRESTCon Australia 2021, on the ‘The benefits of Infrastructure as Code for Adversary Simulation’.
CVE-2020-3977: VMware Horizon DaaS Broken Authentication (MFA Bypass)
Not long ago, I assisted a client of ours with a penetration test of their VMware Horizon remote access solution and discovered a vulnerability affecting how it handles Multi-Factor Authentication (MFA). As a result, with a compromised user account password, I could gain access to the organisations internal network from the internet, bypassing the MFA requirement. In this blog, I’ll provide a high-level summary and explain how I identified and exploited the vulnerability.