Cyber Research Hub

Welcome to the XM Cyber Research Hub, where we offer you access to the leading minds in the field of cybersecurity. Our team is made up of a diverse group of experts from all around the world, including researchers, hackers, and seasoned cybersecurity professionals. By staying updated with the latest research from our team, you’ll gain valuable insights into the industry, be able to analyze the newest and most pressing threats, learn about preventative measures, and stay informed on the latest breakthroughs in attacks and hacking. Whether you’re a security professional, looking to improve your knowledge, or a company seeking to harden your defenses, XM Cyber is your source for staying ahead of the game in cybersecurity.

Prevent cyber attacks in Azure before they happen

Misconfigurations within Azure environments are more common than you think. It’s important to learn and understand how attackers can exploit these misconfigurations and, more…

Watch Webinar

Decrypting VMware Workstation Passwords for Fun

At XM Cyber, we have been hard at work on the techniques that attackers use against your VMware environments.

XMGoat – An Open Source Pentesting Tool for Azure

We created XMGoat as an open source tool with the purpose of teaching penetration testers, red teamers, security consultants, and cloud experts how to abuse different misconfigurations within the Azure environment. In this way, you learn about common Azure security issues.

New Privilege Escalation Techniques are Compromising your Google Cloud Platform

In this research, you’ll discover some of the common attack techniques used in Google Cloud Platform (GCP) to better understand how an attacker exploits this environment to gain permissions and steal information.

Extracting Encrypted Credentials from Common Tools

In this blog post, we will show how an attacker can extract non cleartext credentials in order to authenticate to databases and servers.

XM Cyber Advisory – Spring4Shell, Zero Day

On March 30 2022, A new zero day critical vulnerability was leaked in another open source software library. The vulnerability affects Spring Framework which is running over Java Development Kit 9.0 (JDK9.0) and above. Spring Core on JDK9+ is vulnerable to remote code execution due to a bypass for CVE-2010-1622. While Spring4shell needs to be addressed as soon as possible, it is important to highlight that as it is a common library that is used by many different java software components, it can be a major breach point allowing attackers to build a lateral move pivoting to business-critical assets in the organization. As this develops, XM Cyber Research will share insights and guidance on the impact of this new zero day.

Go beyond Log4Shell and see the entire attack path

We understand the facts: The most common open-source library (Java) has already been identified with 3 CVEs and counting, with over 3 million attacks already confirmed in the wild. The industry anticipates the largest ransom wave to hit organizations across the world. The attacker is already inside! What’s Next?

XM Cyber Advisory – Log4Shell, CVE-2021-44228

On December 9th 2021, the Log4Shell vulnerability, CVE-2021-44228 (CVSS score 10), was discovered. This remote code execution (RCE) vulnerability was being exploited in the wild. Log4j is a logging library, and the vulnerability affects all products and applications that use log4j. That’s a lot of products.

Resources

Check them out

eBooks & Whitepapers

Research Report: 2023 State of Exposure Management

eBooks & Whitepapers

Don’t miss out on exclusive research that explores the challenges organizations face in managing security exposures and provides insights on how to overcome them….

eBooks & Whitepapers

Gartner® Report – Top Trends in Cybersecurity 2023

eBooks & Whitepapers

Gartner just released their report with a pick of trends most likely to have the greatest impact on 2023’s cybersecurity landscape.

Webinars

Establishing a Modern Exposure Management Program

Webinars

This session provides a comprehensive overview of the evolution of vulnerability management and explains why critical vulnerabilities do not necessarily equal risk. By watching…

eBooks & Whitepapers

2022’s Most Potent Attack Paths

eBooks & Whitepapers

Attackers don’t think like you do. They’re looking for ways to bypass your security controls and take advantage of various exposures that exist in…

eBooks & Whitepapers

IBM -Cyber Exposure Management Guide

eBooks & Whitepapers

IBM, in conjunction with XM Cyber created their new guide, Cyber Exposure Management: You Can’t Protect What You Don’t Know. It’s jam packed with…

eBooks & Whitepapers

Buyers Guide: Risk Exposure Reduction and Vulnerability Prioritization

eBooks & Whitepapers

2023 is almost here and security teams are focused on locking-in the funds needed to keep their orgs secured in the coming year. But…

Webinars

Understanding ‘Lone Wolf’ Attacks Dissecting and Modeling 2022’s Most Powerful Cyber Attacks

Webinars

The second half of 2022 saw a dramatic increase in ‘lone wolf’ attacks and can be coined one of the most common enterprise attack…

eBooks & Whitepapers

A CISO’s Guide to Reporting Cyber Risk to the Board

eBooks & Whitepapers

In the eBook you’ll learn the four key challenges CISOs face when reporting to the board:

eBooks & Whitepapers

Increasing Cyber-risk is Driving the Need for Attack Path Management

Increasing Cyber-risk is Driving the Need for Exposure Management

eBooks & Whitepapers

Cyber-risk leads directly to cyber-attacks. Rather than monitor and measure cyber-risk through siloed/fragmented data or layering on more disconnected defenses, organizations should build their…

eBooks & Whitepapers

The Necessity of Attack Path Management for the Hybrid Cloud

eBooks & Whitepapers

Published in collaboration with the UK Chapter of the Cloud Security Alliance, this whitepaper explores the necessity of attack path management for today’s hybrid…

Case Studies

Case Study: Hamburg Port Authority

Case Studies

When one of Europe’s largest seaports needed help securing its vast IT infrastructure “Because it offers continuous, automated protection, security issues that would normally…

News

‘Total Economic Impact’ Study Concludes That XM Cyber Delivered 394% Return On Investment

News

Attack Path Management Significantly Reduces Risk of Fines and Remediation Expenditures, Reduces Pen Testing and Labor Costs

Check them out

Follow us

XM Cyber Research Hub

Prevent cyber attacks in Azure before they happen

Decrypting VMware Workstation Passwords for Fun

XMGoat – An Open Source Pentesting Tool for Azure

New Privilege Escalation Techniques are Compromising your Google Cloud Platform

Extracting Encrypted Credentials from Common Tools

XM Cyber Advisory – Spring4Shell, Zero Day

Go beyond Log4Shell and see the entire attack path

XM Cyber Advisory – Log4Shell, CVE-2021-44228

Resources

Research Report: 2023 State of Exposure Management

Gartner® Report – Top Trends in Cybersecurity 2023

Establishing a Modern Exposure Management Program

2022’s Most Potent Attack Paths

IBM -Cyber Exposure Management Guide

Buyers Guide: Risk Exposure Reduction and Vulnerability Prioritization

Understanding ‘Lone Wolf’ Attacks Dissecting and Modeling 2022’s Most Powerful Cyber Attacks

A CISO’s Guide to Reporting Cyber Risk to the Board

Increasing Cyber-risk is Driving the Need for Exposure Management

The Necessity of Attack Path Management for the Hybrid Cloud

Case Study: Hamburg Port Authority

‘Total Economic Impact’ Study Concludes That XM Cyber Delivered 394% Return On Investment

Platform

Resources

Use Cases

Company

Partners

Support