Hot Topics

Red Team

red team SEC data security privacy How to Bring DevOps and Security Teams Closer Together

Google Launches Red Team to Secure AI Systems Against Attacks

| | AI, Cybersecurity, google, Red Team
Google is rolling out a red team charged with testing the security of AI systems by running simulated but realistic attacks to uncover vulnerabilities or other weaknesses that could be exploited by ...
Security Boulevard
Sowing Chaos and Reaping Rewards in Confluence and Jira

Sowing Chaos and Reaping Rewards in Confluence and Jira

| | atlassian, Hacking, Red Team, research, social engineering
IntroductionLet me paint a picture for you. You’re on a red team operation, operating from your favorite C2, and have just landed on a user’s workstation. You decide to take a look ...
Posts By SpecterOps Team Members - Medium
MOVEit Transfer CVE-2023-34362 Deep Dive and Indicators of Compromise

MOVEit Transfer CVE-2023-34362 Deep Dive and Indicators of Compromise

| | Blog, Red Team
On May 31, 2023, Progress released a security advisory for their MOVEit Transfer application which detailed a SQL injection leading to remote code execution and urged customers to update to the latest ...
Horizon3.ai
COSMICENERGY: ‘Russian’ Threat to Power Grids ICS/OT

COSMICENERGY: ‘Russian’ Threat to Power Grids ICS/OT

| | COSMICENERGY, electric grid, electrical grid, Electrical grids, energy grid, grid cyber attack, ICS, IEC 60870-5-104, IEC-104, INCONTROLLER, Industroyer, Industroyer2, Malware, OT, power grid, Power-Grid Security, Red Team, Red team exercises, red team operations, red team testing, Red Teaming, Red Teams, red-team-tools, redteam, Russia, Russia Exodus, Russia power grid, Russia-Ukraine, russia-ukraine conflict, Russia's War on Ukraine, russian, Russian Cyber War, SB Blogwatch, Solar Polygon, triton, TRITON ICS malware, Triton malware
Shouty name—dangerous game. Red-team tool ripe for misuse ...
Security Boulevard

Content Discovery: Understanding Your Web Attack Surface

| | ASM, Attack Surface Management, brute forcing, Chariot, content discovery, Labs, Offensive Security, Penetration Testing, Red Team, Tools & Techniques
Attack Surface Management (ASM) tools find quite a lot of vulnerabilities on the Web. This really isn’t surprising, given that HTTP/S is by far the most common and broadest of all the ...
Blog - Praetorian
C2 and the Docker Dance: Mythic 3.0’s Marvelous Microservice Moves

C2 and the Docker Dance: Mythic 3.0’s Marvelous Microservice Moves

| | Offensive Security, Red Team, research
— Title by ChatGPT for introducing Mythic 3.0What is Mythic?Mythic is a plug-n-play command and control (C2) framework that heavily leverages Docker and a microservice architecture where new agents, communication channels, and modifications can ...
Posts By SpecterOps Team Members - Medium
CVE-2023-27524: Insecure Default Configuration in Apache Superset Leads to Remote Code Execution

CVE-2023-27524: Insecure Default Configuration in Apache Superset Leads to Remote Code Execution

| | Blog, Disclosures, Red Team
Apache Superset is an open source data visualization and exploration tool. It has over 50K stars on GitHub, and there are more than 3000 instances of it exposed to the Internet. In ...
Horizon3.ai
PaperCut CVE-2023-27350 Deep Dive and Indicators of Compromise

PaperCut CVE-2023-27350 Deep Dive and Indicators of Compromise

| | Blog, Red Team
Overview On 8 March 2023, PaperCut released new versions for their enterprise print management software, which included patches for two vulnerabilities: CVE-2023-27350 and CVE-2023-27351. The PaperCut security advisory details CVE-2023-27350 as a ...
Horizon3.ai
Screenshotting: Can You See What I See?

Screenshotting: Can You See What I See?

| | Chariot, CNNs, machine learning, ML, Red Team, screenshotting
At Praetorian, we firmly believe that the most effective way to secure your systems is to look at them through an offensive lens. After all, when you view yourself the same way ...
Blog - Praetorian
I’d TAP That Pass

I’d TAP That Pass

| | Azure AD, Cloud Security, Infosec, OAuth, Red Team
Summary:Given that:Temporary Access Passes (TAP) are enabled in the Azure AD tenantANDYou have an authentication admin role in Azure ADYou can assign users a short lived password called a Temporary Access Pass (TAP) ...
Posts By SpecterOps Team Members - Medium
Load more