Your pentest scope might be missing the biggest risk in your environment: your vendors. See the data and what to do about it.
Resources
Blog
Blog
Keep up to date with the latest offensive security news, knowledge, and resources.
Sometimes when conducting a Penetration Testing exercise or Red Team engagement, you might be interested in extracting password hashes or credentials of your target Windows user, without the use of Mimikatz to avoid detection. This is where you would resort to using an NTLM downgrade attack. In this article we shall discuss how you can be able to perform this...
Ransomware dwell time averages 16 days. Learn why the time attackers spend inside your network, not the breach itself, determines your blast radius and recovery cost.
Matthew Winters of T. Rowe Price joins the pod to discuss how graph thinking changes the way you can investigate threats, mixed in with a nice dose of making life harder for attackers.
Annual pen tests leave 345 days of untested exposure. Learn how continuous penetration testing keeps your security posture audit-ready year-round.
Nick Aures guides us through a real-life pentesting moment with important lessons for authentication using industry-standard technology, in this case JWTs.
