Defense In Depth – The Onion Way
One effective way to securing your systems against potential vulnerabilities and attack is by implementing a Defense-in-depth approach, which involves using multiple layers of security measures to protect against a variety of threats
Read More
The New World - Cloud Computing
Until recent years, clouds to us were the ones we see in the skies. They bring rain and occasionally block out the sun. But, in the modern technological age, the word "cloud" got an addition, "Computing"
Read More
.jpg)
The Importance of Protecting Privileged Accounts
This article will focus on common cyber-attacks that target Active Directory (AD). Active Directory is deployed across many organizations worldwide to deliver networking services so that users and computers can be easily authenticated and authorized to access network resources or log on to windows systems.
Read More
AWS WAF's Dangerous Defaults
When using AWS WAF defaults, the POST requests body size limit is greater than the default inspected body size, allowing malicious payloads to bypass the WAF
Read More
Password Filters
Weak passwords are one of the leading vulnerabilities that expose organizations to cyber incidents. Passwords complexity must be enforced, harshly. This article, by our Chief Security Architect - Itamar Hoshmand, outlines the problem, what is Password Filtering and its pros and cons.
Read More
DLL Proxying in the Tele-Conferencing Age
As a red teamer, how can I abuse the trust between the target’s infrastructure and the tele-conferencing solution implemented on the target? DLL Proxying!
Read More
Cyber Decade Summary Report 2010-2019
The last decade has been one of the most significant in cyber history, we have collected in our annual magazine the most important events, ones that have shaped consciousness and influenced the way we build our concept of defense ... Enjoy reading!
Read More
How I Found a New Vulnerability in a Popular Home Automation App
A technical walkthrough of the process of finding a new Directory-Traversal vulnerability and CVE.
Read More
.jpg)
Questions and Dilemmas in An Age Of Intensifying Cyber Attacks
The experience of an organization under ransomware attack is a jolting and high-stress event, and managing that kind of incident is a highly complex task. The potential damages to company operation can be mitigated with preparation and rehearsal.
Read More
How to Value a Business with Cybersecurity Leaders
Many companies are beginning to realize the cybersecurity impact of cyber threats as a result of rapid digitization. The modern business model requires leaders who can navigate effectively within the digital transformation, and organizations need to know how to increase their talent to serve the business value.
Read More
Lightshot Phishing Attack
Lightshot is not a malicious application, however, all screenshots that are taken by it are publicly accessible. In the following article, I will expose a new vector of Phishing attacks that targets individuals that attempt to abuse Lightshot’s known data leaks.
Read More
Social Engineering Attacks in 2020 From a SOC Perspective
“Social engineering has emerged as a serious threat in virtual communities and is an effective means to attack information systems. The services used by today’s knowledge workers prepare the ground for sophisticated social engineering attacks” - Advanced social engineering attacks (Krombholz, HobelM, Huber, Weippl 2014)
Read More
Execute Any "Evil" Powershell Code by Bypassing AMSI
Powershell can be a powerful tool during the post-exploitation phase of our engagements. Probably, one of the best advantages of Powershell is having access to awesome public scripts and tools like Empire, PowerSploit, Nishang and many others, but what if AMSI will not let us use any of these tools?
Read More
How to Improve Your WordPress Website Security
What lessons should we learn from the uPress.co.il server breach incident
Read More
Containers as Cyber Security Black Holes
A Container is not an easy thing to secure. It includes everything from the applications they hold to the infrastructure they rely on. Steps need to be taken in multiple areas and layers to ensure you are not exposing yourself. Here are some guidelines for securing a container environment.
Read More
Remote work in the age of corona – best practices for maintaining security
As the COVID-19 virus spreads around the world, governments and organizations are scrambling to respond to the challenges of maintaining business continuity, while employees are required to maintain social distancing and work remotely
Read More
Citadel Cyber Summary Report 2019 - Trends and 2020 Forecast
We are proud to present the 2019 Summary Report that reviews key events, salient trends and professional outlook for the coming year.
Read More
Problems with open-source implementation
Open-source software components are a part of practically every development team’s standard practice and most organizations’ offering to their customers throughout all industries and verticals.
Read More
Of the GDPR and the CCPA
Various Laws and regulations may apply in various places and jurisdictions. They require adjustments and protection of rights by entities operating internationally or in their local scope. Today, it’s time for privacy.
Read More
