Blog (FR)

Discover our cybersecurity articles

19.Juil.2022

Fotios Liatsis, Senior Security Consultant

Social engineering is the art of manipulating people so that they give up confidential information or perform an action you ask them to do. Social engineers are usually trying to trick victims into giving them their credentials, bank information or access to computers to secretly install malicious software. Find out how phishing actually works and what you can do to reduce the risk.

Penetration Testing To Prevent API Attack

27.mai.2022

Anthony Ippolito, Security Consultant, Outpost24

This blog describes the attack path we have uncovered during a recent penetration test of a web application, coupled with a back-end infrastructure assessment. Throughout we introduce different attack techniques and tools that can be used to attack the underlying infrastructure and APIs of a web application.

Opensource from hell: malicious JavaScript distributed via opensource libraries, again

17.Mar.2022

Martin Jartelius, CSO, Outpost24

It’s open source, anyone can audit it, but is it safe? In this blog our CSO explores why distribution of malicious scripts via libraries is causing a stir amongst the open-source community and how you can defend against it.

Conveniently insecure: the tradeoff between security and convenience

21.fév.2022

Martin Jartelius, CSO, Outpost24

When it comes to making business decisions about new technologies and software adoption into your organization – it’s vital to work with your security team to balance the need for speed without sacrificing security. Being the go-to person for IT security controls, our Group CSO, Martin Jartelius explains how he approaches this by playing ‘devil’s advocate’ to assess if the technology that makes the business operate better and faster is really worth the risks it comes bundled with.

Alice in Windowsland: 3 ways to escalate privileges and steal credentials

01.oct.2021

Liatsis Fotios, Senior Security Consultant

Read how our red team used different attack techniques to hack AppLocker restrictions by implementing escalated privileges and reusing the Credentials Manager to extract stored data and Azure information.

Multiple vulnerabilities discovered in Pyrescom Termod4 smart device

29.jan.2021

Hugo van den Toorn and Jonas Mattsson

Read how our red team outsmarted a smart time management device and discovered CVE-2020-23160, CVE-2020-23161 and CVE-2020-23162

Social distancing times are social engineering times

12.juin.2020

Martin Jartelius, CSO, Outpost24

Recently, we encountered an attacker who had taken efficient spear-phishing to an interesting and increased level of consistency and automation. We’ve also seen firsthand the speed at which this attacker learned from some initial mistakes to launch their successful attack which we identify in the examples in this blog.

Responsible disclosure: Multiple stored XSS vulnerabilities discovered in ServiceNow ITSM by Outpost24

05.mai.2020

Hugo van den Toorn, Manager Offensive Security at Outpost24

During a web application pentest by our Ghost Labs OffSec team in March last year, we discovered multiple stored cross-site scripting vulnerabilities on the widely popular ServiceNow IT Service Management software. After informing our customers, we reached out to the vendor (ServiceNow). In collaboration with them, the vulnerabilities are quickly triaged and remediated in later versions of the product. To remediate we urge users of the ServiceNow platform to upgrade to the latest stable version. We would like to thank ServiceNow’s security team for their swift and adequate response.