Blog

Stay up to date on cybersecurity

BLOG
All members of the Dev community are invited to join XM Cyber’s next Tech Talk webinar and learn from our journey to shift from Monolith to Big Data Stream Processing architecture using Flink. When: November 26, 2020 Time: 12 pm CET Where: Zoom Registration: Click here Yaron Shani (Senior Cyber Security Researcher) and Sophia Morozov […]
If you want to understand where your defenses are vulnerable, actively testing those defenses under real-world conditions is invaluable. That’s the principle behind white hat penetration testing, which seeks to identify, exploit and analyze any security gaps within a computing system. “White hats” are similar to ethical hackers, as they attempt to use the tools […]
People often wonder whether SSH uses SSL/TLS for traffic encryption. The short answer is NO, even though both protocols have much in common, under the hood SSH has its own transport protocol, independent from SSL. Both of them were created to secure and encrypt traffic between clients and servers (SSL for website traffic, SSH for […]
Tagged under: , ,
Penetration tests and red team exercises are, in many ways, two sides of the same coin. Both have similar objectives, and both share some commonalities in terms of how those objectives are achieved. However, they are not interchangeable — and organizations may find one approach better suits their needs, depending on a few variables. To illuminate the […]
If you’re a cybersecurity pro, they are the last three letters you want to hear: G-A-P. And it has nothing to do with your jeans. We’re talking about security gaps, which are an unfortunate fact of life and certain to remain so — at least until humans are entirely replaced by AI. People are fallible, which […]
Júntese a XM Cyber en nuestra presentación sobre la simulación de brechas y ataques (beach and attack simulation) para el mercado chileno de ciberseguridad, que será realizada en línea el 18 de noviembre, a las 10:00h (horario local). Con el apoyo de nuestro socio chileno, OZNet, nuestra charla intitulada Equipo Púrpura: El Futuro de los […]
What is a Cyber Supply Chain Attack? A supply chain attack, which is also called a value-chain or third-party attack, occurs when someone infiltrates your system through an outside partner or provider with access to your systems and data. Supply Chain Connections Suppliers commonly have access to their customer’s networks to simplify the supply chain. […]
XM Cyber participó de la Tactical Edge LATAM 2020, una cumbre virtual con casi 2,000 asistentes de Latinoamérica acerca del mercado colombiano de ciberseguridad, realizada en línea del 22 al 25 de septiembre. Con el apoyo de nuestro socio colombiano, ARTSEC, nuestra presentación intitulada “Equipo Púrpura: El Futuro de los Incidentes de Ciberseguridad; la Convergencia […]
Digital Transformation: Enabling Your Defenders to See Like Their Attackers
Digital transformation is a phrase that gets bandied about often enough to almost qualify for the “buzzword” category. Yet scratch below the surface and you’ll see a weighty concept that articulates one of the most urgent challenges today’s organizations face. Namely, how to keep pace and evolve in a world that is digitalizing at breakneck […]
Tagged under: ,
Privilege Escalation and Lateral Movement on Azure
Overview XM Cyber features integrated support for Microsoft Azure. This support addresses attack techniques from on-premises environments to Azure cloud environments and vice versa. In this blog, we will show some techniques for how a red team can gain a foothold in an Azure environment. In addition, we will explore ways in which attackers escalate […]