Blog Entries

30. 12. 2024 Beatrice Dall'Omo Red Team, SEC4U

Exploring Authenticated Scans in Greenbone

While traditional vulnerability scanning techniques provide valuable insights from the outside, authenticated scans offer a deeper, more comprehensive understanding of system security by providing more vulnerability details on the scanned system from an internal perspective.  By leveraging valid system credentials, Greenbone’s authenticated scans provide critical insights about system configurations, software versions, and potential internal weaknesses…

Read More
30. 12. 2024 Beatrice Dall'Omo Blue Team, Red Team, SEC4U

Red and Blue Team Cooperation: Attack to Improve

Nowadays attacks evolve over time and threat actors are following different ways to reach the same objectives. This could represent a problem on the defensive side. How can you always be up-to-date and ready to detect, but then when a vulnerability is exploited be able to act in several ways depending on the threat actor?…

Read More
23. 12. 2024 Beatrice Dall'Omo Red Team, SEC4U

Developing Integrations for Greater Efficiency: Jira and Invicti

In today’s digital landscape where cyber threats are constantly evolving, recurring vulnerability scanning is not only a best practice, but a strategic imperative with the aim of minimizing exposure to potential risks. Regular vulnerability scanning helps identify weaknesses in systems, applications and infrastructures, allowing them to be addressed in a timely and strategic way before…

Read More
16. 07. 2024 Beatrice Dall'Omo Blue Team, Red Team, SEC4U

Automate Business Processes with APIs: python-gvm

Have you already read this blog post Adding soar features to the soc part 1 vulnerability management? If not, you have to! It explains the SOAR features leveraged by the Würth Phoenix SOC and how we implement our Vulnerability Management process.  In this article, I’ll take a step back, focusing on what happens before the…

Read More
16. 11. 2023 Beatrice Dall'Omo Red Team, SEC4U

Don’t Do Without EPSS: Vulnerability Prioritization

During a Vulnerability Remediation process, understanding which vulnerabilities pose a real and significant risk for an organization is not so obvious, and most of the time it involves several different aspects. It takes into consideration several factors related to available resources and time, company assets, severity, compatibility with fix methodologies, and others.  There is no…

Read More
13. 06. 2023 Beatrice Dall'Omo Red Team, SEC4U

What We Know about the MOVEit Transfer 0-day

0-day vulnerabilities are predicted to grow more and more, posing new threats for the cybersecurity. It’s hard to predict them and when their exploit occurs, since developers and vendors are unaware of the flaw until they are actually exploited. Hence, there is no ready patch available for a 0-day vulnerability. MOVEit Transfer 0-day On May…

Read More
17. 03. 2023 Beatrice Dall'Omo Red Team, SEC4U

How to Set Up an Effective Phishing Campaign

In 2022, more than half of Italian companies suffered at least one email attack despite the presence of spam filters, blacklisted domains and other available solutions for blocking threats. This shows how crucial it is for companies to both test their employees’ awareness about security and invest in training. A phishing campaign includes scam emails…

Read More
02. 01. 2023 Beatrice Dall'Omo Red Team, SEC4U

Focus on the noPac Attack

In December 2021 Microsoft revealed two vulnerabilities concerning an Active Directory Domain Services privilege elevation, classified as CVE-2021-42278 and CVE-2021-42287. By combining the two exploits in the so-called noPac attack, a malicious actor could perform a privilege escalation by impersonating the Domain Administrator after starting out as a standard user. This would lead to a…

Read More

Archive