Reading Time: 4 minutes Introduction to NAC Security: Remember our deep dive in the first part (view part 1: https://soc-blog.approach-cyber.com/raspberry-pi-and-stealthy-snooping-a-red-teams-secret-weapon) about the not-so-secret vulnerabilities of NAC Security (network access control) employing IEEE 802.1X? We delved into the nitty-gritty of this standard and shed light on its susceptibility to the age-old man-in-the-middle attack. NAC Security: Network infiltration. Isn’t it fascinating…
Ethical Hacking
NAC Security (part 1): Getting to Know 802.1X Flaws
Reading Time: 4 minutes Explore the world of cyber security and Red Teaming with Raspberry Pi. Discover how this small but versatile device becomes a secret weapon, bypassing Network Access Control (NAC) systems and unraveling the complexities of IEEE 802.1X protocol. Join us on this journey of innovation, adaptation, and perpetual vigilance in the realm of digital security.
Risks of MFA Relay Attacks with Evilginx
Reading Time: 5 minutes In today’s digital age, businesses face increasing cyber security threats. Multi-Factor Authentication (MFA) has gained popularity as a strong security measure. However, cyber attackers have devised a technique called the MFA relay attack or Evilginx attack to bypass MFA. This article explores the risks associated with this attack, including account compromise and the need for MFA security. It also discusses the Evilginx phishing attack, the extensive risks it poses, and ways to protect against it.
Annual Pentest Report 2023
Reading Time: 2 minutes Our Annual Pentest Report presents key insights on the latest trends and vulnerabilities in application security based on comprehensive analysis by our ethical hacking team. With a focus on “Business Logic Flaws” this year, the report provides valuable guidance on detecting and addressing unique vulnerabilities. It is a must-read for CISOs, security teams, developers, and business leaders interested in enhancing their cyber security posture and staying informed on industry developments.
Hackable Intelligence Revisited
Reading Time: < 1 minute As ML gains prominence, it also becomes a prime target for malicious actors. Delve into our enlightening whitepaper as our ethical hacker, Samraa Al Zubi, investigates prevalent attack types against machine learning and helps you identify potential risks and determine if ML solutions are suitable for your business. Gain insights into proper use cases for ML, forthcoming regulations governing AI and ML, methods to assess your security posture, and discover the most effective tools and defences to fortify your ML systems. Let’s prepare to defend AI and ensure its potential is harnessed without compromising security.
Annual Pentest Report 2022
Reading Time: < 1 minute Dive into the rising prevalence of broken access control vulnerabilities, leverage expert advice from our Secure Development team to empower your developers, and uncover the benefits of periodic pentesting to enhance security and optimize your security investment. With APIs emerging as a prime target for cyber-attacks, it’s crucial to test and secure them effectively, leveraging OWASP’s dedicated classification for API vulnerabilities. Discover why a single pentest is insufficient and learn how integrating pentests into your secure development process over time yields the best results. Explore our comprehensive ethical hacking solutions and fortify your defences against evolving threats.
Annual Pentest Report 2021
Reading Time: 2 minutes The report features the top 10 vulnerabilities, emphasizes the value of combining automated scanning with manual penetration testing, and provides actionable recommendations to enhance the security of web applications. With 100% of tested applications revealing at least one vulnerability and over half experiencing critical issues, organisations are urged to prioritize security. Discover why web applications are prime targets for cyber-attacks and how our ethical hacking team can help identify vulnerabilities, create actionable plans, and raise security awareness within your organisation. Don’t wait for hackers to exploit your weaknesses.
Attacks against AI applications
Reading Time: < 1 minute Explore the vulnerabilities of AI systems and the potential risks they pose in our whitepaper, “Hackable Intelligence.” Discover the unique challenges of securing AI applications and gain insights into best practices for safeguarding against attacks. Written by Samraa Alzubi, a Cyber Security Consultant at Approach, who specializes in researching and combating attacks against machine learning. Download the whitepaper now.
Did you scan your security scanners?
Reading Time: < 1 minute Discover the vulnerability found in Saint Security Suite during our assessment of popular vulnerability scanners. Learn how a cross-site scripting (XSS) flaw was exploited and the potential impact it could have. Read our ethical hacker testimonial by David Bloom, Cyber Security Senior Consultant.
How I hacked a cheap IoT
Reading Time: 5 minutes We share the first-hand account of hacking a cheap IoT device and explore the vulnerabilities that were exploited. Delve into the world of cyber security as we reveal the importance of proper input validation and webserver hardening. Discover how this incident could have been prevented and gain valuable insights to safeguard your own online presence. Join us as we unravel the exciting journey of securing IoT applications and protecting against potential threats.
Can an Antivirus really be trusted when it comes to unknown threats?
Reading Time: 4 minutes The effectiveness of antivirus solutions in protecting against unknown threats is put to the test in an attack simulation. Using an in-house developed malware, we found that while an up-to-date Sophos Advanced Endpoint Protection and Sophos Intercept X solution performed better than three other major vendors, security solutions alone are not enough to provide effective protection.