How To Overcome Active Directory Exploits And Prevent Attacks
According to Gartner, “It is critical to make concentrated efforts to comprehensively secure and monitor Active Directory, proactively look for threats and misconfigurations, and…
Prevent cyber attacks in Azure before they happen
Misconfigurations within Azure environments are more common than you think. It’s important to learn and understand how attackers can exploit these misconfigurations and, more…
Decrypting VMware Workstation Passwords for Fun
Overview At XM Cyber, we have been hard at work on the techniques that attackers use against your VMware environments. What you’re about to…
The XM Cyber 2022 Attack Path Management Impact Report
The industry’s first annual attack path management research report is here! The XM Cyber research team analyzed nearly 2 million entities to bring insights…
XM Cyber Advisory – Spring4Shell, Zero Day
Overview On March 30, a new critical zero-day vulnerability was leaked in another open source software library. The vulnerability affects Spring Framework which…
New Privilege Escalation Techniques are Compromising your Google Cloud Platform
In this research you’ll discover some of the common attack techniques used in Google Cloud Platform (GCP) to better understand how an attacker exploits…
XMGoat – An Open Source Pentesting Tool for Azure
Overview We created XMGoat as an open source tool with the purpose of teaching penetration testers, red teamers, security consultants, and cloud experts…
Introducing MacHound: A Solution to MacOS Active Directory-Based Attacks
As a security researcher at XM Cyber, designing core product support for MacOS was one of my goals last year. Designing this support meant…
Lessons Learned from the SolarWinds SUNBURST Attack
Should We Prioritize Detection or Prevention? The XM Factor Is Needed. In 1736, Benjamin Franklin famously advised fire-threatened Philadelphians that “An ounce of prevention…
Here’s How the Recent SolarWinds Supply Chain Attack Could Be Easily Stopped
A Cybersecurity Vaccine Exists – and It Is 99% Effective. Learn How to Inoculate Your Organization From Attacks in 2021 There’s no sugarcoating it:…
What Are Common Targets for Advanced Persistent Threats (APT)?
Few things give cybersecurity defenders more anxiety than the prospect of an attack by an Advanced Persistent Threat (APT). Unlike your run-of-the-mill attacker, APTs…
SSH & SSL — Step-siblings or Rivals?
People often wonder whether SSH uses SSL/TLS for traffic encryption. The short answer is NO, even though both protocols have much in common, under…
