Praetorian Security Blog
When you're constantly advancing your industry and helping secure today's leading organizations, people notice. Explore our cutting-edge information security news and research.
-
Advanced Threat Simulation: Are You Ready for Red Team Operations?
Posted by Luke McLemore
Determining where your organization is along the corporate security journey is essential in determining what services you should be seeking, and what considerations you should have when requesting more advanced tests and operations. Red Team Operations can be an enticing, especially if you have read our blog over the differences between red teams and traditional penetration testing (link to blog post), but not every security program is ready to detect and respond to these advanced threats. This blog provides a set of criteria to review before dedicating resources to a Red Team Operation.
read more »
-
What is the Difference Between a Penetration Test and a Red Team Assessment?
Posted by Luke McLemore
When looking for external security services there is often a lot of confusion across the board concerning what exactly a penetration test is vs a “Red Team” operation, as a main component of the latter is essentially penetration testing. This blog acts as a resource to identify the differences between a normal penetration test and a full red team assessment.
read more »
-
An Alternative and More Effective Approach to Commoditized Penetration Testing
Posted by Luke McLemore
Penetration testing is a well known and understood exercise to keep your security team and procedures ahead of the curb, but due to the commoditization of testing itself, it is often not used in the most optimal way to secure your corporate assets, and more often is not conducted with the best methods.
read more »
-
Signed Binaries Proxy Execution - T1218
Posted by Josh Abraham
The MITRE ATTACK April release included is a new TTP known as 'Signed Binaries Proxy Execution' which is T1218. This TTP is based on an attacker using signed binaries to perform malicious activities.
read more »
-
Signed Scripts Proxy Execution - T1216
Posted by Josh Abraham
Many organizations trust all signed code from Microsoft. Unfortunately, there are many ways in which attackers can use this trust against them. Previously, we covered using signed binaries to perform malicious activities. In this post, we will be covering how to use signed scripts.
read more »
-
How to use Kerberoasting - T1208 for Privilege Escalation
Posted by Josh Abraham
In our experience, Kerberoasting is an attack that is similar to others in that defenders need to fully under it to be able to properly migrate the risks. It’s our goal that through pushing this content into the MITRE ATT&CK framework we have increased the awareness of this TTP so that organizations can be better protected in the future.
read more »
-
Summary of April MITRE ATT&CK RELEASE
Posted by Josh Abraham
MITRE’s Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK™) is a curated knowledge base and model for cyber adversary behavior, reflecting the various phases of an adversary’s lifecycle and the platforms they are known to target. ATT&CK is useful for understanding security risk against known adversary behavior, for planning security improvements, and verifying defenses work as expected.
read more »
-
Privilege Escalation in AWS with PassRole Attacks
Posted by Kesten Broughton
All instances launched by AWS by default have instance credentials supplied by the AWS metadata service. AWS operators can attach PassRole policies given to an instance at launch time.
read more »
-
Path.Combine Security Issues in ASP.NET Applications
Posted by Anna Pobletts
Path traversal vulnerabilities are a common class of web application vulnerability, where an attacker aims to access files outside of the intended directory by using “../” patterns to traverse directories or by using absolute paths. These vulnerabilities are commonly found in file upload or download functionality of an application.
read more »
-
KRACK (Key Installation Attack) Against Wi-Fi Networks
Posted by Blake Luther
A flaw in the implementation of WPA2-based encryption allows for an attacker within physical range of the wireless network to decrypt traffic from a vulnerable client, allowing for viewing, intercepting, and modifying data in transit. This vulnerability has been assigned CVE numbers CVE-2017-13077 through CVE-2017-13088. There does not yet exist a working public exploit for this attack. However, the research group who discovered it have published their efforts, and working exploit code is likely a matter of days away.
read more »
Your World, Secured.
