information-technology

Azure Key Vault Tradecraft with BARK

Azure Key Vault Tradecraft with BARK

| | azure, cloud computing, Cybersecurity, information-technology, Microsoft
BriefThis post details the existing and new functions in BARK that support adversarial tradecraft research relevant to the Azure Key Vault service. The latter part of the post shows an example of ...
Posts By SpecterOps Team Members - Medium
Browserless Entra Device Code Flow

Browserless Entra Device Code Flow

| | azure, cloud computing, Cybersecurity, information-technology, Microsoft
Zugspitze, Bavaria, Germany. Photo by Andrew ChilesDid you know that it is possible to perform every step in Entra’s OAuth 2.0 Device Code flow — including the user authentication steps — without a browser?Why that matters:Automating authentication flows enables ...
Posts By SpecterOps Team Members - Medium
Misconfiguration Manager: Overlooked and Overprivileged

Misconfiguration Manager: Overlooked and Overprivileged

| | attack-path-management, Information Security, information-technology, SCCM
TL;DR: Misconfiguration Manager is a central knowledge base for all known Microsoft Configuration Manager tradecraft and associated defensive and hardening guidance. We’re also presenting this material at SO-CON 2024 on March 11, ...
Posts By SpecterOps Team Members - Medium
Microsoft Breach — What Happened? What Should Azure Admins Do?

Microsoft Breach — What Happened? What Should Azure Admins Do?

| | azure, cloud computing, Cybersecurity, information-technology, Microsoft
Microsoft Breach — What Happened? What Should Azure Admins Do?On January 25, 2024, Microsoft published a blog post that detailed their recent breach at the hands of “Midnight Blizzard”. In this blog post, I will ...
Posts By SpecterOps Team Members - Medium
Practical Exploitation with Mubix (formerly Metasploit Minute)

How to Break Into a Cybersecurity Career – Rob Fuller (Mubix)

| | career, Cyber Security, Cybersecurity, Data Privacy, Digital Privacy, education, Episodes, hak5, Information Security, information-technology, Infosec, interview, Marine Corps, Mubix, Podcast, Privacy, Rob Fuller, security, technology, Weekly Edition
This week we continue our series on how to break into a cybersecurity career with long time industry veteran, Rob Fuller (Mubix). Rob speaks with us about how he started his career ...
The Shared Security Show
How Information Security Breaks The Classic IT Model

How Information Security Breaks The Classic IT Model

| | Cybersecurity, departments, Hacking, Information Security, information-technology
How Information Security Breaks The Classic IT ModelFrom The Other Side Of The PO Blog: Part 4CEO: “ Due to complications in the market with unexpected changes in product and customer spending, ...
Stories by John P. Gormally, SR on Medium

How Tripwire Log Center and Tripwire Industrial Visibility Can Work Together

| | ICS Security, IIoT, information-technology, iot, operational technology, Tripwire Industrial Visibility, Tripwire Log Center
Many industrial security professionals lack visibility into their organizations’ assets and processes. This includes Industrial Internet of Things (IIoT) devices as well as industrial organizations’ supply chains. Back in March 2021, Tripwire ...
The State of Security

How to protect a corporate Wi-Fi network

| | Cybersecurity, guest contributor, information theft, information-technology, iot, security, security technology, wifi
The importance of Wi-Fi both for providing various services to customers and employees and for managing and receiving data from technological facilities, coupled with the interoperability of IoT devices, is increasing every ...
Radware Blog
The Complete Guide to Securing Your Software Development Lifecycle

The Complete Guide to Securing Your Software Development Lifecycle

| | application development, Cybersecurity, information-technology, Software Development, software engineering
How to improve the security of your application with strong DevSecOpsPhoto by 愚木混株 cdd20 on UnsplashThe unfortunate reality is this: application security is in an abysmal state. Industry research reveals that 80% of ...
ShiftLeft Blog - Medium
Does Your Health App Meet HIPAA Compliance Requirements?

Does Your Health App Meet HIPAA Compliance Requirements?

| | application development, Cybersecurity, healthcare, Information Security, information-technology
Photo by Mockup Graphics on UnsplashHealthcare providers increasingly use mobile apps and web applications as part of the move to telemedicine. As of July 2021, analyst McKinsey noted that telehealth utilization had stabilized ...
ShiftLeft Blog - Medium
Load more