penetration testing – Page 11

What is a Pentester, and Can They Prevent Data Breaches?

Posted on February 9, 2023 by Jennifer Gregory

With the cost of data breaches at an all-time high, organizations are working to proactively identify areas of risk on the network. Using pentesters to conduct penetration (pen) testing is becoming more common. To protect themselves, businesses must know their risk areas before hackers find vulnerabilities. Organizations can lower their attack risk by protecting against […]

The post What is a Pentester, and Can They Prevent Data Breaches? appeared first on Security Intelligence.

Continue reading What is a Pentester, and Can They Prevent Data Breaches?→

Azure AD Kerberos Tickets: Pivoting to the Cloud

Posted on February 9, 2023 by Roza Maille

If you’ve ever been doing an Internal Penetration test where you’ve reached Domain Admin status and you have a cloud presence, your entire Azure cloud can still be compromised. In this blog, I’ll take you through this scenario and show you the dangers of machine account SSO compromise. We will do so without extracting any…

The post Azure AD Kerberos Tickets: Pivoting to the Cloud appeared first on TrustedSec.

Continue reading Azure AD Kerberos Tickets: Pivoting to the Cloud→

TeamFiltration V3.5.0 – Improve All the Things!

Posted on February 7, 2023 by Roza Maille

TeamFiltration was publicly released during the DefCON30 talk, “Taking a Dump In The Cloud”. Before the public release, TeamFiltration was an internal tool for TrustedSec’s offensive security operations, which was shared internally back in January 2021. In short terms, TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring Office 365 Azure AD accounts….

The post TeamFiltration V3.5.0 – Improve All the Things! appeared first on TrustedSec.

Continue reading TeamFiltration V3.5.0 – Improve All the Things!→

The First Steps on the Zero Trust Journey

Posted on February 3, 2023 by Roza Maille

One of the most discussed concepts in the Information Security world in recent history has been Zero Trust. Although many vendors claim to have products for implementing Zero Trust, an organization must not view them as an instant solution to achieving Zero Trust. Zero Trust should be viewed as a philosophy comprised of many controls…

The post The First Steps on the Zero Trust Journey appeared first on TrustedSec.

Continue reading The First Steps on the Zero Trust Journey→

Grab 9 Ethical Hacking Courses for $30 and Improve Your Business Security

Posted on January 30, 2023 by TechRepublic Academy

Your customers expect you to keep their data secure, and this collection of video courses covers everything you need to know about cybersecurity. Continue reading Grab 9 Ethical Hacking Courses for $30 and Improve Your Business Security→

Operator’s Guide to the Meterpreter BOFLoader

Posted on January 24, 2023 by Roza Maille

1.1 Introduction Recently, myself and a few friends decided to port my coworker Kevin Haubris‘ COFFLoader project to Metasploit. This new BOFLoader extension allows Beacon Object Files (BOFs) to be used from a Meterpreter session. This addition unlocks many new possibilities for Meterpreter and, in my opinion, elevates Meterpreter back up to the status of…

The post Operator’s Guide to the Meterpreter BOFLoader appeared first on TrustedSec.

Continue reading Operator’s Guide to the Meterpreter BOFLoader→

A LAPS(e) in Judgement

Posted on January 10, 2023 by Roza Maille

As security practitioners, we live in a time where there is an abundance of tools and solutions to help us secure our homes, organizations, and critical data. We know the dangers of unpatched applications and devices as well as the virtues of things like password managers and encrypted databases to protect our passwords and other…

The post A LAPS(e) in Judgement appeared first on TrustedSec.

Continue reading A LAPS(e) in Judgement→

Kali Linux: What’s next for the popular pentesting distro?

Posted on January 3, 2023 by Mirko Zorz

If you’re interested in penetration testing and digital forensics, you know that Kali Linux is worth a try. And if you’re already doing it, chances are good you are already using it. We talked to Jim O’Gorman, Chief Content and Strategy Off… Continue reading Kali Linux: What’s next for the popular pentesting distro?→

Kali Linux 2022.4 released: Kali NetHunter Pro, desktop updates and new tools

Posted on December 6, 2022 by Zeljka Zorz

Offensive Security has released Kali Linux 2022.4, the latest version of its popular penetration testing and digital forensics platform. New tools in Kali Linux 2022.4 Aside from updates to existing tools, a new Kali version always delivers new tools. … Continue reading Kali Linux 2022.4 released: Kali NetHunter Pro, desktop updates and new tools→

Containers, Security, and Risks within Containerized Environments

Posted on December 6, 2022 by Michael Mitchell

Applications have historically been deployed and created in a manner reminiscent of classic shopping malls. First, a developer builds the mall, then creates the various stores inside. The stores conform to the dimensions of the mall and operate within its floor plan. In older approaches to application development, a developer would have a targeted system or […]

The post Containers, Security, and Risks within Containerized Environments appeared first on Security Intelligence.

Continue reading Containers, Security, and Risks within Containerized Environments→