How many of the vulnerabilities from your last penetration test report did you risk accept? Everything with a Medium severity or lower? This article is intended to help you reconsider that mindset. Be careful about disregarding penetration testing findings just because they are not High or Critical severities by themselves. Companies are breached every day […]
Category: Exploits
Exploiting Sandboxes
What if one could do more than just bypass a sandbox (easy), but actually exploit the sandbox to gain access to custom signatures, client lists, and other customers’ files? It may be easier than you think. Here’s details showing how we exploited some of the leading sandboxes in the industry. Proofpoint TAP – Background Nearly […]
Exposing Tanium: A Hacker’s Paradise
Tanium has gained much popularity in the past few years. Those jumping on the Tanium train need to beware. If your company uses Tanium, your data is at high risk, IMO. Their “peer chain” model, and the lack of encryption of that data, are insecure and should not be trusted. This article is about Tanium: https://www.Tanium.com/products/ […]
Citrix XenDesktop Exploit
This is an exploit to gain access to a corporate network through an employee’s unmanaged personal computer via a Citrix XenDesktop VDI. Intro I’m frustrated by the sales pitch for XenDesktop and am concerned for those who have bought into the misleading claim that it is “safe from hackers and protecting the corporate network from […]