When starting a penetration test, we first try to discover domains associated with our target apex domain.
To help you navigate this part of the process, we’re going to detail it, highlighting tips and tricks for working around registrant privacy services and other roadblocks you may face.
Resources
Blog
Blog
Keep up to date with the latest offensive security news, knowledge, and resources.
Featured
The Axios supply chain attack exposed why dependency scanning fails against credential compromise. Learn how attackers backdoor popular packages and what your penetration tests are missing.
We are going to dig into Slack workspace compromise to provide additional information and tooling you can use to leverage access. This guidance will build off of “Abusing Slack for Offensive Operations”, a great article Cody Thomas wrote for the SpectrOps blog.
Bug-bounty programs live and die by their ability to target public-facing assets and then expose related vulnerabilities. But one asset is out of their reach, and it’s arguably the most dangerous to your network.
Recent reports from FireEye revealed a large-scale campaign to infect company networks using a modified version of the SolarWinds Orion monitoring agent.
Oh, the world of good ol’ bug-bounty programs. In recent months they’ve become a hot topic for IT teams looking to unearth vulnerabilities. And it’s easy to see why. They’re flashy and promise the world. Your company gets notified when a vulnerability is detected. The bounty hunter gets paid for the finding. Everybody leaves happy. Well, not really. Here’s why
Getting hacked hurts. Not only is it often a PR nightmare and the cause of sleepless nights – a company data breach is a financial fright fest that can cost you millions of dollars.
