privilege escalation SrClient DLL Hijacking: a Windows Server 2012 0-day that won't be patched This blog discusses a DLL hijacking vulnerability affecting all versions of Windows Server 2012 (but not Server 2012 R2). This 0-day vulnerability can be exploited for privilege escalation by any regular user and does not require a system reboot, yet it will not be patched by Microsoft.
research What’s in a (re)name: RCE Hunting in CMSs via Unrestricted File Upload Earlier this year, our threat researcher found three easily exploitable vulnerabilities in CMS apps, including two that could result in remote code execution (RCE). This article combines write-ups for these vulnerabilities.
research When the PATH to SYSTEM is wide open: Philips SmartControl DLL hijacking (CVE-2020-7360) Earlier this year our threat researcher found a DLL hijacking flaw affecting Philips SmartControl (CVE-2020-7360). Our latest blog post combines a write-up of this vulnerability with a general introduction to DLL hijacking for infosec students.
penetration testing Avoiding SMB Rate Limits During Authentication Attacks Here's a quick workaround for when you get rate limited during a password attack against the SMB service.
ciso Automated Penetration Testing: 5 Benefits for CISOs Automation is a potential game-changer for offensive security in 2020. Let's explore some of the benefits for CISOs.
research 2019/2020: A Few Cybersecurity Reflections and Predictions Reflections on a few major cybersecurity developments of 2019, and on how these will shape the industry in 2020.
social engineering Winter Is Here, and so Are Holiday Cyber Scams A closer look at 5 most common variants of holiday cyber attacks.
social engineering Social Engineering 2.0 - Evasive Spear Phishing and Vendor Email Compromise From phishing and BEC to evasive spear phishing and VEC + tips on what you can do to defend against these sophisticated attacks.
research 13 Freaky Infosec Facts 13 freaky infosec facts that show how freaky and deadly technology can get.
penetration testing Penetration testing... on a new level vPenTest simplifies the process of identifying new threats within your environment on an on-going basis without the traditional challenges and concerns.
research What You Don't Know Can Most Certainly Hurt You: The Importance of Phishing Assessments Not knowing how susceptible your employees are could be a huge opportunity for attackers.
best practices Top 5 Ways to Secure Your Online Accounts Here are our top 5 recommendations for securing your online accounts as your digital footprint continues to grow.
research How to prevent a catastrophic cyberattack like the City of Baltimore ransomware disaster Learn more details about the cyber attack against the City of Baltimore and how to avoid being the next victim.
post-exploitation Post-Exploitation with Leprechaun Finding valuable data during post-exploitation can be a challenge. Leprechaun helps solve this problem.
research Equifax Data Breach's Impact on Search Trends Is the Equifax data breach the only one people care about? Let's take a look.
ciso Getting the Most out of Your Network Penetration Test Most organizations don't maximize the opportunities presented during a security assessment. Let's discuss what some of those are.
research Web Applications Are Becoming Increasingly Insecure As more services move their services to web apps, the exposure to a data breach increases. Let's discuss some issues and solutions.
penetration testing Taking Over IPv6 Networks Let's take a deeper look at how rogue DHCPv6 servers can lead to a successful attack against IPv6 networks.
ciso Why Your Organization Needs a Penetration Test Learn why replacing a penetration test with a vulnerability assessment may not always be a good idea.
faq Penetration Test vs Vulnerability Assessment: What's the difference? Understanding the difference between a penetration test and a vulnerability assessment could significantly impact your perspective of security at your organization. Learn more.
research Cybercriminals are still targeting RDP services Unnecessary public-facing services is a common issue that many organizations face. Learn more about how these services, such as RDP, could pose a threat.
social engineering Exploiting the Human Factor Employees are the biggest threat to an organization's critical information systems and confidential data. We focus on four core areas in this blog.
faq What is WPA3 and What Do I Need to Know? The Wi-Fi Alliance has announced the release of WPA3. Check out some of its features and what your organization needs to know to get prepared.
community outreach NOLA SPAWAR Cyber Security Camp for Kids 2018 Vonahi Security partnered with the US Navy's SPAWAR during their Cyber Security Camp for Kids at Southern University at New Orleans event. Take a look at how it went.
physical security Preparing for Your First Physical Penetration Test Conducting a physical penetration test for the first time can be an intimidating process. Read more on how to properly prepare.
