Blog

Topics

How Is Your Enterprise IT Hygiene?
Artiom Levinton | Blog

We’re hearing a lot these days about the need for strong and consistent enterprise IT hygiene in cybersecurity. Good. What is that, anyway? An…

XM Cyber Advisory – Follina, CVE-2022-30190, Zero Day
Zur Ulianitzky and Bill Ben Haim | Blog

On May 27, a new zero day critical vulnerability called Follina was discovered by the nao_sec security research team. The vulnerability resides in malicious…

Chaining together Active Directory attack techniques to give your organization the edge against attackers
Michael Greenberg | Blog

Debuting at RSA 2022 we will show the industry how we can link the use of Active Directory (AD) into the entire attack path,…

Decrypting VMware Workstation Passwords for Fun
David Azria & Zur Ulianitzky | Blog

Overview At XM Cyber, we have been hard at work on the techniques that attackers use against your VMware environments. What you’re about to…

Our security is only as strong as our ability to manage it: The necessity of Attack Path Management for the Hybrid Cloud
Michael Greenberg | Blog

Now it’s no secret businesses have ramped up and driven the adoption of the cloud faster than any period previously. One of the key…

The XM Cyber 2022 Attack Path Management Impact Report
Michael Greenberg | Blog

The industry’s first annual attack path management research report is here! The XM Cyber research team analyzed nearly 2 million entities to bring insights…

5 Ways to Make Attack Path Management More Manageable
Shay Siksik | Blog

Effective cybersecurity can be distilled to a single idea: Protect your most business critical assets. Protecting your most critical assets, in turn, can be…

XM Cyber Advisory – Spring4Shell, Zero Day
Zur Ulianitzky; Ilay Grossman | Blog

Overview On March 30, A new zero day critical vulnerability was leaked in another open source software library. The vulnerability affects Spring Framework which…

New Privilege Escalation Techniques are Compromising your Google Cloud Platform
Idan Strovinsky, Zur Ulianitzky | Blog

In this research you’ll discover some of the common attack techniques used in Google Cloud Platform (GCP) to better understand how an attacker exploits…

See All Ways: How to Overcome the Big Disconnect in Cybersecurity
Sharron Malaver | Blog

Today’s reality in cybersecurity is that, with the right combination of tools, you may be able to see all kinds of misconfigurations … and…

10 ways to gain control over Azure function app sites
Zur Ulianitzky and Bill Ben Haim | Blog

Pen-testers! Red-teamers! We’ve prepared a bucket of new Azure techniques, specifically about Azure function app sites. In this blog, we’ll show you new approaches…

Choosing Attack Path Management Over Security Control Validation When Shopping for Breach & Attack Simulation
Menachem Shafran | Blog

Breach and Attack Simulation is gaining lots of hype today. Yet simulating attacks can mean many different things and serve many different use cases….

1 2 3 4 20

See all ways we can help you

See what attackers see, so you can stop them from doing what attackers do.