Security Blog

Oracle PeopleSoft: still a threat for enterprises

May 4, 2016

In 2015, Alexey Tyurin from ERPScan presented at the Hack-In-The-Box Amsterdam conference [2][3] multiple attack vectors to defeat the widely used Oracle PeopleSoft (or PS) system. Many companies in various market verticals are relying on this massive and complex software to host confidential information about their employees, their students or even about the financial results of the company.

read more

Binary Webshell Through OPcache in PHP 7

Apr 27, 2016

In this article, we will be looking at a new exploitation technique using the default OPcache engine from PHP 7. Using this attack vector, we can bypass certain hardening techniques that disallow the file write access in the web directory. This could be used by an attacker to execute his own malicious code in a hardened environment.

read more

Your credentials at risk with Lansweeper 5

Apr 21, 2016

As a penetration testers, we rarely have to find ‘zero day’ vulnerabilities or perform ‘bug hunting’ in order to compromise Windows Active Directory Domains. However, in one of these rare cases while performing an internal penetration test for a client, we had to do so. Lansweeper is an inventory software that scans your network in order to gather system information such as patch level, network interfaces, resources status, etc.   We were fairly surprised during this test when we were able to access Lansweeper 5’s dashboard with a regular user account.

read more

On the road to AtlSecCon

Apr 5, 2016

AtlSecCon is almost there! Philippe and I are pretty excited to be speaking there this year! Our presentations will cover some of the analysis we performed: Linux/Moose, LizardSquad, Win32/RBrute,and more. Finally, some advice will be given to the audience in order to help protect themselves, their organizations and their families.

read more

Categories

SOLUTIONS
Titan Managed Detection & Response
Advisory Services
Security Technology
Managed Security Services
WHY GOSECURE?
Why MDR vs MSSP?
GoSecure Titan Platform
Threat Intelligence
Industry Validation
RESOURCES
In The News
Press Releases
Events
Security Blog
COMPANY
Leadership
Board of Directors
Careers
Follow Us:   
SOLUTIONS
Titan Managed Detection & Response
Advisory Services
Security Technology
Managed Security Services
WHY GOSECURE?
Why MDR vs MSSP?
GoSecure Titan Platform
Threat Intelligence
Industry Validation
RESOURCES
In The News
Press Releases
Events
Security Blog
COMPANY
Leadership
Board of Directors
Careers
Follow Us:   
Titan Managed Detection & Response
Next-Generation Antivirus
Endpoint Detection & Response
Network Detection & Response
Inbox Detection & Response
Insider Threat Detection & Response
Managed Firewall
Managed SIEM
Endpoint Security Lifecycle
GoSecure Titan
Titan Software
Email Security
Web Security
ResponderPRO Forensics Toolkit
Advisory Services
Cybersecurity Assessment
Security Compromise Assessment
Ethical Hacking
Incident Response & Forensics
Compliance & Audit
3rd Party Technology

Pin It on Pinterest