XSS Vulnerability in the “Get a Quote” form while bypassing WordFence and CloudFlare
During an external penetration testing, we uncovered a Cross-Site Scripting (XSS) vulnerability in the newly introduced “Get a Quote” form on the client’s website. This weakness allows malicious script injection via user input, which was not caught by existing defenses (including Wordfence and Cloudflare Web Application Firewall).
Unauthorized LDAP Enumeration Exposes Active Directory for Privilege Escalation
During a penetration testing assessment, we revealed a critical weakness in the Active Directory (AD) environment stemming from improper LDAP access controls. Our Red Team successfully brute-forced a weak administrator password and remotely accessed a Windows server.
Using Favicon for OSINT
When it comes to OSINT, the smallest details often uncover the biggest insights—and the favicon is a perfect example. Whether you’re on the red team or the blue team, understanding favicon hashing will sharpen your discovery techniques, enhance your infrastructure visibility, and help you uncover connections others routinely miss.
Red Team vs Blue Team Mindset for Better Cybersecurity Defense
Discover how adopting both red team (attacker) and blue team (defender) mindsets can enhance cybersecurity strategies, improve risk management, and build resilient defenses against modern threats.
Oracle ILOM Compromise via EternalBlue
During a penetration testing assessment, our team identified a critical exploitation chain affecting an enterprise network. The attack began by exploiting the EternalBlue vulnerability on an unpatched Windows server, allowing remote code execution.
Server Authentication: The neglected area of Active Directory Certificate Services (ADCS)
This article explores how attackers can leverage Server Authentication templates to compromise networks and why hardening these templates is just as critical to an organization’s security posture.
Best 5 Automated Identity Threat Protection Solutions
Discover the top 5 automated identity threat protection solutions that leverage AI and real-time analytics to defend against cyber threats, data breaches, and identity theft.
Enhancing Connectivity with Ivory Coast: Leverage a Virtual Number
Enhance your connectivity in Ivory Coast with a virtual number from Virtnum. Establish a local presence, secure your communications, and enjoy cost-effective, seamless interactions with businesses and individuals.
Major Cyber Attacks that shaped 2024
In this article, we dissect the most devastating cyberattacks of 2024—not just what happened, but why they happened, how attackers exploited vulnerabilities, and the lessons they left behind.
Cyber Ground Newsletter
Cyber Ground is a newsletter that keeps you updated every Monday with topics such as Security Awareness, Red Teaming, Bug Bounty, and much more, focused on the Information Security World.
Stay Informed and Expand your knowledge.
Our Newsletter is totally free!
From time to time, we would like to contact you about our solutions, as well as other content that may be of interest to you as an individual and or a business.
