Blog

Bug-bounty programs live and die by their ability to target public-facing assets and then expose related vulnerabilities. But one asset is out of their reach, and it’s arguably the most dangerous to your network.

Recent reports from FireEye revealed a large-scale campaign to infect company networks using a modified version of the SolarWinds Orion monitoring agent.

Oh, the world of good ol’ bug-bounty programs. In recent months they’ve become a hot topic for IT teams looking to unearth vulnerabilities. And it’s easy to see why. They’re flashy and promise the world. Your company gets notified when a vulnerability is detected. The bounty hunter gets paid for the finding. Everybody leaves happy. Well, not really. Here’s why

Getting hacked hurts. Not only is it often a PR nightmare and the cause of sleepless nights – a company data breach is a financial fright fest that can cost you millions of dollars.

Practical, expert-tested guidance you can apply to immediately improve your network security.

Good command-and-control infrastructure requires a known, trusted domain. When you’re first starting out, this can be difficult to find, but luckily other testers have provided many great resources.