Vulnerability Management & Penetration Testing Archives

The Critical Need for Multi-Role Testing in Application Security

Austin Turecek | December 19, 2024 | Application Security, AppSec, Cybersecurity, Penetration Testing, Security Awareness & Education, Vulnerability Management & Penetration Testing

As web, thick client, mobile, and IoT applications have become more robust, authentication and authorization has become an incredibly complex […] ...

The Guiding Point | GuidePoint Security

Examining the Difference Between CTEM and Vulnerability Management

Chris Peltz | September 25, 2024 | Blog, CTEM, Vulnerability Management, Vulnerability Management & Penetration Testing

I’ve recently been fielding this question in my conversations with customers: “What is the difference between CTEM and Vulnerability Management?” One […] ...

The Guiding Point | GuidePoint Security

How Hackers Steal Your RFID Cards

[email protected] | August 8, 2024 | Blog, Cybersecurity, Red Team, RFID, Security Awareness & Education, Technical, Threat & Attack Simulation, Vulnerability Management & Penetration Testing

Radio Frequency Identification (RFID) cards are ubiquitously used to authenticate using a physical token. This technology is often embedded in […] ...

The Guiding Point | GuidePoint Security

How to Make Adversaries Cry: Part 1

Joaquim Nogueira | July 26, 2024 | Blog, Cybersecurity, Technical, Threat & Attack Simulation, Vulnerability Management & Penetration Testing

In the ever-evolving landscape of cybersecurity, defense against intruders requires constant vigilance and proactive measures. For organizations relying on Active […] ...

The Guiding Point | GuidePoint Security

SCCM Exploitation: Evading Defenses and Moving Laterally with SCCM Application Deployment

Marshall Price | June 20, 2024 | Blog, Cybersecurity, Penetration Testing, Threat & Attack Simulation, vulnerability, Vulnerability Management & Penetration Testing

TL;DR: Compromise of an SCCM administrator account can easily lead to compromise of every machine managed by SCCM. As this […] ...

The Guiding Point | GuidePoint Security

Leveraging Escalation Attacks in Penetration Testing Environments – Part 1

GuidePoint Security | June 6, 2024 | Blog, Cybersecurity, Technical, Vulnerability Management & Penetration Testing

Authors: George Raileanu and Eugene Mar Introduction Together we aim to explore vulnerabilities within Active Directory Certificate Services (AD CS), […] ...

The Guiding Point | GuidePoint Security

Leveraging Escalation Attacks in Penetration Testing Environments – Part 2

GuidePoint Security | June 6, 2024 | Blog, Cybersecurity, Technical, Vulnerability Management & Penetration Testing

Authors: George Raileanu and Eugene Mar In this post, we’ll cover the two most common ESC attacks we encounter on […] ...

The Guiding Point | GuidePoint Security

The Art of Self-Defense: Security Validation Through Attack Simulation

Conor Murphy | May 30, 2024 | BAS, BAS as a Service, Blog, Cybersecurity, Threat & Attack Simulation, Vulnerability Management & Penetration Testing

Additional authors: Nic Finn Setting the Stage Organizations looking to develop an increasingly proactive defensive strategy are beginning to incorporate […] ...

The Guiding Point | GuidePoint Security

Beyond the Basics: Exploring Uncommon NTLM Relay Attack Techniques

Kevin Murphy | May 23, 2024 | Blog, Cybersecurity, Threat & Attack Simulation, Vulnerability Management & Penetration Testing

NTLM (NT LAN Manager) relaying is an attack technique that has been around for years yet is still incredibly effective. […] ...

The Guiding Point | GuidePoint Security

SCCM Exploitation: Compromising Network Access Accounts

Marshall Price | May 2, 2024 | Blog, Cybersecurity, Penetration Testing, pentesting, SCCM, Security Research, Threat & Attack Simulation, Vulnerability Management & Penetration Testing

Authors: Marshall Price and Connor Dowling TL;DR: SCCM Network Access Accounts (NAA) are frequently used despite being associated with several […] ...

The Guiding Point | GuidePoint Security