Category: Security


Persistence via App Registration in Entra ID

Cloud Service Principal is the key, abuse the hole, or the misconfiguration. While I’m investigating or attacking the cloud for many components on a daily basis. I find a lot of abuses. Some of them...


EASM vs. PT vs. VM & Defender EASM Approaches

Many times people asked me about the differences between external attack surface management, vulnerability management, and penetration testing. Mostly “What will be the and the right approach to handling security tools alongside the behavior and...


Advanced Hunting 4 ZIP/MOV

If you heard a noise on social media from May (2023), it’s probably the same noise that most of us heard: the announcement of specific domains by Google. Google Registry announced eight new top-level domains...


The State of External Attack Surface Management

Cybersecurity adores fancy words and buzz…, and you’re in for another joy – ASM, DRP, EASM, CAASM. This blog post provides additional information on the state of external attack surface management, and it’s related tools...


Cloud Penetration Testing from the field

Breaking the Cloud via “some service” is every pentester or red reamer mission. While the Blue team, SecOps, and other security teams struggle to minimize the attack surface area, create friction with attackers, and gain...


Operate Defender for Office like a Pro

Phishing and email scams continue to be significant security concerns for organizations of all sizes and across all industries. These attacks are designed to trick recipients into divulging sensitive information or performing actions that can...

error: Content is Protected !!