Finding Access Control Vulnerabilities with Autorize
In the most recent revision of the OWASP Top 10, Broken Access Controls leapt from fifth to first.1 OWASP describes an access control as something that “enforces policy such that […]
The Detection Engineering Process
This webcast was originally published on November 8, 2024. In this video, Hayden Covington discusses the detection engineering process and how to apply the scientific method to improve the quality […]
Cyber Risk Lessons We Can Learn From Hurricane Preparedness
Risk is real. To better understand cybersecurity risk, let’s compare cyber risks to risks in the natural world from hurricanes. We can learn lessons from hurricanes and unnamed storms in […]
Intro to Desktop Application Testing Methodology
In this video, experts delve into the intricacies of desktop application penetration testing methodologies.
What Is Penetration Testing?
In today’s world, security is more important than ever. As organizations increasingly rely on technology to drive business, digital threats are becoming more sophisticated, varied, and difficult to defend against. […]
Adversary in the Middle (AitM): Post-Exploitation
In this video, Michael Allen discusses adversary-in-the-middle post-exploitation techniques and processes.
Pentesting, Threat Hunting, and SOC: An Overview
By Ray Van Hoose, Wade Wells, and Edna Jonsson || Guest Authors This post is comprised of 3 articles that were originally published in the second edition of the InfoSec […]
QEMU, MSYS2, and Emacs: Open-Source Solutions to Run Virtual Machines on Windows
As a tester, I do all my work inside a Virtual Machine (VM). Recently, I found myself in a situation where I needed to get a VM on a Windows […]
Clear, Concise, and Comprehensive: The Formula for Great SOC Tickets
A lot of emphasis and focus is put on the investigative part of SOC work, with the documentation and less glamorous side of things brushed under the rug. One such […]