Resource Center
Welcome to our cybersecurity resource center where we uncover how malicious actors exploit weaknesses in systems, while going beyond the technical aspects and examining real-world perspectives across various industries.
Filters
Showing 1–6 of 14 results
On-Prem Misconfigurations Lead to Entra Tenant Compromise
As enterprises continue to transition on-premises infrastructure and information systems to the cloud, hybrid cloud systems have emerged as a vital solution, balancing the benefits of both environments to optimize performance, scalability, and ease of change on users and administrators. However, there can be risks involved when connecting a misconfigured or ill-protected network to cloud services. Particularly, Microsoft Active Directory...
Read More NodeZero APT: Azure Password Spray Leads to Business Email Compromise
NodeZero APT: Azure Password Spray to Business Email Compromise
Read More The Elephant In the Room – NTLM Coercion and Understanding Its Impact
Since introducing NTLM coercion techniques such as PetitPotam into the NodeZero platform, we frequently have security practitioners request help understanding these techniques and what impact they have to their enterprise. There is a lack of concise resources to inform Blue Teams on how these techniques work, and clearly distinguishing them from other misconfigurations/vulnerabilities in the attack chain – particularly the...
Read More AWS Misconfiguration Leads to Buckets of Data
Misconfigured AWS Role Enables Cloud Initial Access
Read More Apache ActiveMQ RCE Leads to Domain Compromise
Pervasive CISA Known Exploited Vulnerability Enables Initial Access
Read More NodeZero Pivots Through Your Network with the Attacker’s Perspective
A NodeZero autonomous attack that leveraged two weaknesses to achieve domain compromise in 33 minutes, 9 seconds.
Read More