The Risk of Domain Exposure In Running SSL Server Test and How to Prevent It
All it takes is one click. In this article, find out how domain exposure can come about as you conduct an SSL Server Test and what you can do to prevent it.
In the recent webinar ‘Play, Learn, Hear — Cybersecurity x Data Centre Webinar’ organised by Singapore Computer Society (SCS), Privasec RED Consultant Jonah Tan joined as one of the speakers in the sharing session. It was a day filled with much cybersecurity goodness lined up for the audience, where the cyber security skills of the …
The Privasec team, represented by Shamane Tan (Chief Growth Officer) and Lim Quan Heng (Regional Head of Privasec Asia), had the privilege to speak alongside leaders and experts in the cyber security field at the recent SINCON 2021’s CXO Brief. It was an enjoyable and insightful discussion where the team heard from like-minded industry leaders from around …
The dangers of using server-side PDF generation technologies without properly sanitising user input.
Red Team Attack Simulations mimic an adversary attacking your organisation. Red Team Attack Simulations enable you to understand and improve upon your ability to identify and respond to an adversary trying to access your systems or information.
But what actually happens during a Red Team and how does an Attack Simulation work in practice?
This article explores Zentao: how its routing works, and several vulnerabilities that combine into an attack chain an attacker can execute to achieve remote code execution.
For everyone who’s asking: what are the differences between Red, Blue, Purple, Black, White and Gold teams? Find out more here!
Check out our Senior Red Consultant’s talk at the recent CRESTCon Australia 2021, on ‘The benefits of Infrastructure as Code for Adversary Simulation’.
Not long ago, I assisted a client of ours with a penetration test of their VMware Horizon remote access solution and discovered a vulnerability affecting how it handles Multi-Factor Authentication (MFA). As a result, with a compromised user account password, I could gain access to the organisation’s internal network from the internet, bypassing the MFA requirement. In this blog, I’ll provide a high-level summary and explain how I identified and exploited the vulnerability.