Domain Exposure Via Qualys SSL Server Test
All it takes is one click. In this article, find out how domain exposure can come about as you conduct an SSL Server Test and what you can do to prevent it.
All it takes is one click. In this article, find out how domain exposure can come about as you conduct an SSL Server Test and what you can do to prevent it.
The dangers of using server-side PDF generation technologies without properly sanitising user input.
Red Team Attack Simulations mimic an adversary attacking your organisation. Red Team Attack Simulations enable you to understand and improve upon your ability to identify and respond to an adversary tyring to access your systems or information.
But what actually happens during a Red Team and how does an Attack Simulation work in practise?
Red Team Attack Simulations mimic an adversary attacking your organisation. Red Team Attack Simulations enable you to understand and improve upon your ability to identify and respond to an adversary tyring to access your systems or information.
But what actually happens during a Red Team and how does an Attack Simulation work in practise?
The impact from a lack of security awareness training through the eyes of a recent red team engagement performed by the Privasec Red team.
This article explores Zentao, understanding how its routing works, and identifying several vulnerabilities that lead to an attack chain that an attacker can execute in order to achieve remote code execution.
For everyone who’s asking, what are the differences with a Red team, Blue and Purple, Black, White and Gold? Find out more here!
Check out our Senior Red Consultant’s talk at the recent CRESTCon Australia 2021, on the ‘The benefits of Infrastructure as Code for Adversary Simulation’.
Not long ago, I assisted a client of ours with a penetration test of their VMware Horizon remote access solution and discovered a vulnerability affecting how it handles Multi-Factor Authentication (MFA). As a result, with a compromised user account password, I could gain access to the organisations internal network from the internet, bypassing the MFA requirement. In this blog, I’ll provide a high-level summary and explain how I identified and exploited the vulnerability.