by Maxime Nadeau | Sep 8, 2020
This is the second blog post in a series discussing attacks leveraging Windows Server Update Services (WSUS). After having revived the classic 2015 WSUS attack in part 1 of the series by creating a tool, PyWSUS, that works on Windows 10, we started to wonder if the...
by Julien Pineault | Sep 3, 2020
At GoSecure, we work hard to illustrate the impact of our pentest findings on our clients’ security posture. In the past few years, we found numerous organizations with vulnerable Windows Server Update Services (WSUS) deployments. However, no tool (reliable enough to...
by Jean-Frédéric Gauron | Aug 26, 2020
During an engagement, we discovered a Pulse Secure SSL VPN running the version 9.1R7, which was the latest version available at the time. Many vulnerabilities had been found in previous versions of the VPN, so we were eager to see if we could find shortcomings of our...
by Masarah Paquet-Clouston | Aug 25, 2020
As part of our research on Cybersecurity Perceptions Versus Reality, we developed a survey in collaboration with Serene-risc, a knowledge mobilization network in cybersecurity based in Canada, on the perceptions and practices of cybersecurity professionals. The survey...
by Masarah Paquet-Clouston | Aug 18, 2020
Having an asset inventory is a common security practice. Yet, keeping that inventory up to date seems to be less common. GoSecure penetration testers report encountering unmaintained asset inventories quite often, allowing them to exploit forgotten servers hosting...
by Masarah Paquet-Clouston | Aug 11, 2020
As part of our research on Cybersecurity Perceptions Versus Reality, we developed a survey in collaboration with Serene-risc, a knowledge mobilization network in cybersecurity based in Canada, on the perceptions and practices of cybersecurity professionals.. The...
FR