Threat Research

  • Masking Malicious Memory Artifacts – Part I: Phantom DLL Hollowing

    Introduction: With fileless malware becoming a ubiquitous feature of most modern Red Teams, knowledge in the domain of memory stealth and detection is becoming an increasingly valuable skill to add...

  • Cyber Attacks in the Pandemic Era: More of the Same

    Since COVID-19 began to spread rapidly across the globe, we’ve seen near-constant headlines of cyber attacks hitting organizations in the midst of chaos. An elite group of cyber criminals launched...

  • Introducing Evasor: A New Pen Test Tool for Windows AppLocker

    For anyone who may not be familiar, Windows AppLocker is an application whitelisting technology that allows administrators to control which executable files are allowed to be executed. With...

  • Group Policies Going Rogue

    This blog – part of a year-long research project that uncovered 60 different vulnerabilities across major vendors – discusses a vulnerability in the Windows group policy object (GPO) mechanism....

  • Bug Hunting Stories: Schneider Electric & The Andover Continuum Web.Client

    As a penetration tester, my mission is to find vulnerabilities. To sharpen my skills and to stay up-to-date with new technologies, I spend my free time hacking on numerous bug bounty programs on...

  • Analyzing the Raccoon Stealer

    Raccoon stealer is not the most sophisticated malware that’s available to cyber attackers, but it proves to be quite effective.

  • When a CLI Falls for an Attacker

    A few months ago, I was working on research that involved spinning up and down multiple virtual machines in AWS and used AWS CLI in order to manage them. I decided to make a small...

  • Beware of the GIF: Account Takeover Vulnerability in Microsoft Teams

    Executive Summary: As more and more business is conducted from remote locations, attackers are focusing their efforts on exploiting the key technologies – like Zoom and Microsoft Teams – that...

  • Wild Temporary Tokens and Where to Find Them – AWS Edition

    AWS is one of the most successful cloud solutions available today. As a pioneer in the infrastructure-as-a-service (IaaS) scene, AWS has more than a million customers. Part of that success is...

  • Explain Like I’m 5: Remote Desktop Protocol (RDP)

    Table of Contents Introduction RDP Connection Connection Sequence | Basic Input and Output Channels in RDP | Data Compression RDP Security | Recent RDP Vulnerabilities Conclusion References  ...

  • I Know What Azure Did Last Summer

    More and more companies are deciding to move their infrastructures into cloud environments offered by Microsoft Azure, Google Cloud Computing, Amazon AWS and many more. In our modern and rapidly...

  • CoronaVirus Ransomware

    These days, when the world is focused on getting a handle on the COVID-19 crisis, cybercriminals are taking advantage of our desire for information. We’re seeing all kinds of attacks leveraging...

  • Solution Brief: Pass-The-Hash

    Learn about Pass-the-Hash, an advanced cyberattack in which an attacker steals account credentials from one computer, then uses them to authenticate to other access points in a network.

  • CyberArk Red Team Cloud Security Services

    The CyberArk Red Team offers cloud-focused expertise to help internal teams hone their skills in a safe environment while also making risk-based recommendations for better cloud and hybrid security.

  • Analyzing Ransomware and Potential Mitigation Strategies

    Ransomware, one of the most pervasive and dangerous threats facing organizations today, is everywhere. Read more to find out how CyberArk helps mitigate ransomware threats.

  • Behind the Hidden Conversion of Electricity to Money: An In-Depth Analysis of XMR Cryptominer Malware

    Cryptomining is a new attack method that has led to several high-profile and high-net attacks on organizations where computer systems are overrun and used to mine cryptocurrency. Learn more here.

  • Predicting Risk: Credential Theft Foresight

    This whitepaper examines the research behind credential theft precognition, and how it’s a significant defensive advantage over traditional security tools.

  • Kerberos Decryption

    This white paper highlights the potential risk lurking in hidden parts of Kerberos, using decryption to bridge the gap between attackers and defenders.

  • BlackDirect: Microsoft Azure Account Takeover

    While working on research associated with Microsoft Azure and Microsoft OAuth 2.0, we found a vulnerability that allows for the takeover of Microsoft Azure Accounts.

  • Kubernetes Pentest Methodology Part 3

    A Technical Deep Dive Into Insider Kubernetes Attack Vectors: In part one and part two of our series on Kubernetes penetration test methodology we covered the security risks that can be created by...
