Security Research

Show
Tackling Phishing: The Most Popular Phishing Techniques and What You Can Do About It
December 12, 2018

Overall, the infosec community has done a relatively good job in securing systems. While a measure of restrained back-patting is …

read more

2019 Cyber Security Forecasts: Six Things on the Horizon

December 5, 2018

The new year is upon us! 2018 brought us Spectre and Meltdown, Russian GRU indictments, and the exposure of 500 …

read more

Cyber Threats to ERP Applications: Threat Landscape

July 24, 2018

What are ERP Applications? Organizations rely on Enterprise Resource Planning (ERP) applications to support business processes. This includes payroll, treasury, …

read more

How Cybercriminals are using Blockchain DNS: From the Market to the Bazar

June 12, 2018

Since the takedowns of AlphaBay and Hansa in 2017, the cybercriminal community has been incorporating alternative technologies to improve both …

read more

Market.ms: Heir to the AlphaBay and Hansa throne?

June 4, 2018

It’s almost one year since the AlphaBay and Hansa dark web marketplace takedowns, also known as Operation Bayonet. Looking back, …

read more

Keys to the Kingdom: Exposed Security Assessments

April 24, 2018

Organizations employ external consultants and suppliers to perform assessments and penetration tests that help to bolster their overall internal security. …

read more

Trust vs Access: A Tale of Two Vulnerability Classes

October 20, 2017

It’s been a big week in cyberspace, with high profile crypto vulnerabilities KRACK (affecting WPA2) and ROCA (affecting RSA keys generated by Infineon hardware) …

read more

Key Reinstallation Attacks (KRACK): The Impact So Far

October 16, 2017

Today, a series of high-severity vulnerabilities affecting the WiFi Protected Access II (WPA2) protocol were disclosed. Security researchers have developed …

read more

Keep Your Eyes on the Prize: Attack Vectors are Important But Don’t Ignore Attacker Goals

June 23, 2017

Reporting on intrusions or attacks often dwells on the method that the attackers used to breach the defenses of a …

read more

All You Can Delete MongoDB Buffet

January 12, 2017

A number of extortion actors were detected accessing unauthenticated MongoDB installations and replacing their contents with a ransom note, usually …

read more

A Model of Success: Anticipating Your Attackers’ Moves

December 1, 2016

In a previous blog, we discussed the role of planning in offensive operations and the power that effective planning affords …

read more
Start Free 7-Day Test Drive of SearchLight
Start Test Drive