Attack Paths

Filters

Showing 1–6 of 15 results

The Value of Data Pilfering at Scale

December 6, 2024 | Attack Paths, Attack Research

Hackers don’t break in, they log in. This has never been more true – as the demand for data increases, more files than ever are being stored across the enterprise. Local files, file shares, cloud backups, and more are filling up with precious data. And with that, comes increased risk that the data being stored contains sensitive information that attackers...

On-Prem Misconfigurations Lead to Entra Tenant Compromise

May 20, 2024 | Attack Paths, Attack Research

As enterprises continue to transition on-premises infrastructure and information systems to the cloud, hybrid cloud systems have emerged as a vital solution, balancing the benefits of both environments to optimize performance, scalability, and ease of change on users and administrators. However, there can be risks involved when connecting a misconfigured or ill-protected network to cloud services. Particularly, Microsoft Active Directory...

NodeZero APT: Azure Password Spray Leads to Business Email Compromise

February 6, 2024 | Attack Paths

NodeZero APT: Azure Password Spray to Business Email Compromise

The Elephant In the Room – NTLM Coercion and Understanding Its Impact

January 9, 2024 | Attack Paths

Since introducing NTLM coercion techniques such as PetitPotam into the NodeZero platform, we frequently have security practitioners request help understanding these techniques and what impact they have to their enterprise. There is a lack of concise resources to inform Blue Teams on how these techniques work, and clearly distinguishing them from other misconfigurations/vulnerabilities in the attack chain – particularly the...