Securitum’s Post

🔍Exploring the world of initial access techniques in internal pentest! Our latest blog demonstrates the ins and outs of NTLM relay and LLMNR poisoning – two potent strategies penetration testers use to gain that crucial foothold. 🚀💻  NTLM relay attacks continue to pose a significant security risk to Windows-based networks. In 2024, we continue the journey to help organizations understand and mitigate these tactics, which can bolster their defense against potential threats. Check it out here 👉 https://lnkd.in/gifcVe_r #RBTSecurity #RBTSec #CyberSecurity #Foothold #InitialAccess #Cybersecurity #pentesting #infosec #vulnerability #Penetrationtesting

Instead of asking 'What went wrong?' post-breach, safeguard your organization now by addressing vulnerabilities through Vulnerability Assessment and Penetration Testing. Reach out to our expert team at info.gramax@gmrgroup.in for guidance and protection.  #VulnerabilityAssessment #Gramax #GMR #Protection #SecurityTesting #CyberSecurity #Awareness

Earlier this week I released initial research on the last 10-years of vulnerabilities, exploitation and proof-of-concept exploit code. The analysis discovered that 72.9% of known exploited vulnerabilities have 1 more Proof-of-Concept Exploits. You can read more about my analysis here: https://lnkd.in/g9uEnzje I also completed initial research on the vendors and products impacted by ransomware on the plane ride to RSA Conference, however I did not feel comfortable releasing the research without spending more time thinking about how I can release this research in the most mindful way. 🧘♂️ #cybersecurity #infosecurity #riskmanagement #vulnerabilitymanagement

Alhamdulilah! I am happy to share that I have recently passed my eLearnSecurity Certified Professional Penetration certification exam. The exam is a black-box pentest that tests one's practical skills in enumerating networks, performing vulnerability analysis, and exploiting live hosts within the network. To pass the exam, it was necessary to exploit a number of machines and submit a detailed report that included both a vulnerability report and a remediation report. #eCPPTv2 #CyberSecurity #PenetrationTesting #NetworkSecurity #WebApplicationSecurity

New report reveals that Network Vulnerability Scans (85%) and Penetration Testing (76%) are the most widely employed components, reflecting the essential role these techniques play in the identification of vulnerabilities management. Full Report: https://lnkd.in/gjvefDhj Bravo to all who work on #CyberSecurity at Syxsense especially Mary Yang and Harry Stockwell

 Hey LinkedIn family, here is a comprehensive guide on Insecure Direct Object References (IDOR) vulnerabilities. Let's strengthen our defences and foster a secure digital environment together. 💼🔒 #Cybersecurity #InfoSec #IDOR #KnowledgeSharing" For more such detailed notes and updates, follow: Karthik B CyberSapiens

Every company should have a Vulnerability Disclosure Program (VDP) but not every company should run a Bug Bounty Program. There are arguments to be had on both sides but one thing that a VDP program helps with is to establish some sort of a vulnerability handling/management process that is extremely important for any organization, especially when it comes to vulnerabilities reported by external parties. One can always aim to organically grow their VDP into a paid bug bounty program as the team and practices mature but that's easier said than done. There are a lot of nuances to consider and there is no right/wrong answer here. Tune in to the latest episode to hear our thoughts on this topic! Links in comments! #appsec #bugbounty #security #softwaresecurity #productsecurity #vulnerabilitydisclosure #cybersecurity

🔒 𝐄𝐱𝐩𝐥𝐨𝐫𝐢𝐧𝐠 𝐭𝐡𝐞 𝐖𝐨𝐫𝐥𝐝 𝐨𝐟 𝐏𝐞𝐧𝐞𝐭𝐫𝐚𝐭𝐢𝐨𝐧 𝐓𝐞𝐬𝐭𝐢𝐧𝐠 🔍 Join us on a journey through the essential steps of Penetration Testing. From pre-engagement planning to verification, we'll review how penetration testing assesses targets, identifies vulnerabilities, and provides actionable remediation plans. 🛡️ Connect with us: Let's redefine the game together! #penetrationtesting #mssp #cybersecurity #NordicDefender

🔏 The security of your organization's network and systems should be a top priority. 🔑 Conducting a penetration test is a crucial step in ensuring that your security posture is strong. 👀While vulnerability assessments are important, they only provide a limited view. 👮♂️A penetration test goes beyond by actively attempting to exploit vulnerabilities to simulate a real-world attack scenario. Don't leave your organization vulnerable. Take action with a penetration test. #pentesting #networksecurity #cybersecurity #dfw Ted Clouser John Via

Penetration Testing Tip of the Day Don't waste your time learning the nmap command line flags. I don't care what the CEH, Security+, or other certifications demand for their tests. (Learn what you need to pass the test, obviously) In the real world, the nmap command line flags don't matter. They are trivial to look up and find the ones you need, whenever you need it (hint: nmap --help). So, don't waste your time. INSTEAD! Focus on learning all you can about the nmap NSE libraries, their capabilities, when to use them, what arguments they take, etc. These are powerful add-ons to the nmap program that can take your nmap scans from a simple port scan to a vulnerability scan or even active exploit step. And they will be easier to control and configure than a full scan from Nessus or other proprietary vulnerability scanners. So, go check them out. #security #cybersecurity #nmap #penetrationtesting #pentesting