XMGoat – An Open Source Pentesting Tool for Azure

Overview: We created XMGoat as an open source tool with the purpose of teaching penetration testers, red teamers, security consultants, and cloud experts how to abuse different misconfigurations within the Azure environment. In this way, you learn about common Azure security issues. XMGoat contains multiple environments in the form of Terraform templates. After installation, the […]

What Are the Different Types of White Hat Penetration Testing?

If you want to understand where your defenses are vulnerable, actively testing those defenses under real-world conditions is invaluable. That’s the principle behind white hat penetration testing, which seeks to identify, exploit and analyze any security gaps within a computing system. “White hats” are similar to ethical hackers, as they attempt to use the tools […]

Penetration Tester vs. Red Team: What’s Right for You?

Penetration tests and red team exercises are, in many ways, two sides of the same coin. Both have similar objectives, and both share some commonalities in terms of how those objectives are achieved. However, they are not interchangeable — and organizations may find one approach better suits their needs, depending on a few variables. To illuminate the […]

Penetration Testing and Validating Security Controls

Sometimes our security controls can make us feel confident. Yet other times that confidence can prove to be badly misplaced. Consider the case of a Big Three credit bureau that was victimized by a massive data breach in late 2017. After public alerts were issued identifying a serious vulnerability in a popular web application, this credit […]

How to Make Automated Penetration Testing More Reliable

The modern security landscape is fast evolving — and has never been more fraught with challenges. With data breaches growing in size and severity every year, and enterprise networks becoming ever more complex, it’s imperative for organizations to have a robust set of defenses. Red team exercises and penetration testing have long been core elements of any security strategy. A […]

Breach and Attack Simulation vs Pen Testing

How easy is it for a malicious actor to get into your network? Cyber attacks are growing steadily in number, strength, and variety. In parallel, even the most sophisticated adversaries are using surprisingly unsophisticated means to wreak damage. Top-notch hackers can mimic legitimate user actions and go under the radar of protective measures. They can […]