Main navigation
Why CyberArk
CyberArk is the trusted leader in Privileged Account Security, with more than half of the Fortune 100 companies relying on our solutions to protect their most critical and high-value assets
CyberArk In The News
BLOGS
NEWS
EVENTS
The CyberArk Blog
Threat Research Blog
Four Critical Steps for Securing API Keys in Your Organization’s Cloud Workloads
Automation enables organizations to leverage the dynamic capabilities of the cloud. Today, enterprises are increasingly leveraging automation tools and DevOps initiatives to drive greater business agility, improve efficiency and optimize business processes. To achieve this agility securely, automation tools pass credentials through APIs to ensure that only authenticated automation tools, applications, etc. can access the […]
The Whys and Wherefores of Automating Privileged Tasks
A task can be defined as: noun 1. A piece of work that needs to be done regularly. verb 2. Assign a piece of work to. IT operations teams are often inundated with menial, regular and repetitive tasks (e.g. trigger events, running daily monitoring activities and starting services) that can not only be damaging to […]
Introducing CyberArk Conjur Open Source Secrets Management Solution
“Don’t underestimate the power of your vision to change the world. Whether that world is your office, your community, an industry or a global movement, you need to have a core belief that what you contribute can fundamentally change the paradigm or way of thinking about problems.”– Leroy Hood Today, I am excited to announce […]
Implementing Malware Command and Control Using Major CDNs and High-Traffic Domains
In this blog post, we will present a new technique for domain fronting, which enables attackers to abuse Content Delivery Networks (CDNs) to mask malware command and control (C2) traffic. This research demonstrates a new technique for hiding a C2 channel completely within a CDN. While many CDNs are potentially impacted, Akamai is one of […]
Red Team Insights on HTTPS Domain Fronting Google Hosts Using Cobalt Strike
In this blog post, we will cover HTTPS domain fronting Google hosts (google.com, mail.google.com, etc.) using Cobalt Strike. Domain fronting via google.com has been used by adversaries, and it is valuable to include as part of Red Team assessments. Domain Fronting is a technique to hide the remote endpoint of communication while leveraging high reputation […]
GhostHook – Bypassing PatchGuard with Processor Trace Based Hooking
In this article, we’ll present a new hooking technique that we have found during our research work. Hooking techniques give you the control over the way an operating system or a piece of software behaves. Some of the software that utilizes hooks include: application security solutions, system utilities, tools for programming (e.g. interception, debugging, extending […]
Recurring
Webinar Series: On The Front Lines
01/10/2017 - 04/10/2017
FS-ISAC Fall Summit
10/10/2017 - 12/10/2017