The XM Cyber 2022 Attack Path Management Impact Report
Michael Greenberg | Blog

The industry’s first annual attack path management research report is here! The XM Cyber research team analyzed nearly 2 million entities to bring insights…

5 Ways to Make Attack Path Management More Manageable
Shay Siksik | Blog

Effective cybersecurity can be distilled to a single idea: Protect your most business critical assets. Protecting your most critical assets, in turn, can be…

XM Cyber Advisory – Spring4Shell, Zero Day
Zur Ulianitzky; Ilay Grossman | Blog

Overview On March 30, A new zero day critical vulnerability was leaked in another open source software library. The vulnerability affects Spring Framework which…

New Privilege Escalation Techniques are Compromising your Google Cloud Platform
Idan Strovinsky, Zur Ulianitzky | Blog

In this research you’ll discover some of the common attack techniques used in Google Cloud Platform (GCP) to better understand how an attacker exploits…

See All Ways: How to Overcome the Big Disconnect in Cybersecurity
Sharron Malaver | Blog

Today’s reality in cybersecurity is that, with the right combination of tools, you may be able to see all kinds of misconfigurations … and…

10 ways to gain control over Azure function app sites
Zur Ulianitzky and Bill Ben Haim | Blog

Pen-testers! Red-teamers! We’ve prepared a bucket of new Azure techniques, specifically about Azure function app sites. In this blog, we’ll show you new approaches…

Choosing Attack Path Management Over Security Control Validation When Shopping for Breach & Attack Simulation
Menachem Shafran | Blog

Breach and Attack Simulation is gaining lots of hype today. Yet simulating attacks can mean many different things and serve many different use cases….

Attack Path vs Attack Vector: Important Differences You Need To Know

By: Rinat Villeval, Technical Enablement Manager If you want to solve a problem, defining your terms is essential — and there are few more…

Top 3 Benefits of Ransomware Readiness Assessment
Shay Siksik | Blog

After so many recent high-profile ransomware attacks, CISOs, SOC Managers and other cybersecurity leaders are certainly aware of the risks involved. Global costs from…

Time to go beyond Log4Shell and see the entire attack path

Today’s organizations are overwhelmed since the world first learned about the Log4Shell vulnerability (aka Log4J CVE-2021-44228, CVE-2021-45046). If prioritizing your vulnerabilities was a daunting…

XM Cyber Advisory – Log4Shell, CVE-2021-44228

Overview Last Thursday, December 9, the Log4Shell vulnerability, CVE-2021-44228 (CVSS score 10), was discovered. This remote code execution (RCE) vulnerability was being exploited in…

XMGoat – An Open Source Pentesting Tool for Azure

  Overview We created XMGoat as an open source tool with the purpose of teaching penetration testers, red teamers, security consultants, and cloud experts…

1 2 3 4 19

See all ways we can help you

See what attackers see, so you can stop them from doing what attackers do.