What Most Orgs Get Wrong About “Never Expire”
Resource > Webinar
About this talk: After attending this webinar, you’ll know: the numbers behind why organizations of all sizes consider removing expiry; the things you need in place before even considering removing expiry; whether or not removing expiry is right for your AD environment. Is this talk right for you? This discussion...
Cybercrime trends: Uncovering the latest strategies of threat actors
Resource > Webinar
About this talk: In our rapidly evolving digital era, cybersecurity is in a constant state of flux. In this webinar, our threat intelligence experts will highlight the latest threat actor trends, vulnerabilities and campaigns threatening organizations today. We will provide valuable insights into the cybercrime landscape and how to protect...
Nagios XI vulnerabilities resulting in privilege escalation (& more)  
Blog
During some standard research as part of the Outpost24 Ghost Labs Vulnerability Research department, I discovered four different vulnerabilities in Nagios XI (version 5.11.1 and lower). Three of these vulnerabilities (CVE-2023-40931, CVE-2023-40933 and CVE-2023-40934) allow users, with various levels of privileges, to access database fields via SQL Injections. The data...
The most common external attack surface vulnerabilities  
Blog
Imagine your organization's digital fortress - now picture a thousand hidden doors, each a potential entry point for cyber threats. In the world of cybersecurity, these doors are known as 'external attack surface vulnerabilities' and understanding them is the first step to locking them down. External attack surface vulnerabilities are...
Using HTTP request smuggling to hijack a user’s session – exploit walkthrough 
Blog
During a recent customer engagement, I came across an instance of a rather rare vulnerability class called HTTP request smuggling. Over the course of several grueling days of exploit development, I was eventually able to abuse this vulnerability to trigger a response queue desynchronization, allowing me to capture other users’...
The Phishing-as-a-Service platform targeting Microsoft 365 customers
Blog
How does phishing-as-a-service (PhaaS) really work, and can it really bypass MFA? Here, we will walk you through the user interface of a PhaaS platform, and how its users can quickly build their own attacks using the built-in attack models and templates (and bypass MFA). For a layered approach, beyond...
Traditional vs Risk-Based Vulnerability Management: What’s the difference?
Blog
As the threat landscape evolves, so must the methods and tools to safeguard critical digital assets. Traditional vulnerability management programs that were once considered the gold standard are starting to show limitations in their ability to address complex cyber risks, leaving teams to manually triage long lists of potential vulnerabilities....
Keeping your External Attack Surface Under Control
Resource > Webinar
About this talk: You can't stop the expansion of your external attack surface, but you can identify unknown assets and their vulnerabilities to mitigate the security risk. External attack surfaces expand due to modern software development practices, mergers and acquisitions, the adoption of multi-cloud strategies and much more. Many organizations...
Unlocking Cybersecurity in the Cloud: Safeguarding Your Digital Transformation
Resource > Webinar
About this talk: As enterprises increasingly migrate towards cloud ecosystems, we find ourselves navigating a hybrid realm, where servers span both sides of the cloud, and clients must seamlessly function across these domains. However, this new frontier presents a challenge that cybercriminals are exploiting, making it imperative for businesses to...
Dark AI tools: How profitable are they on the dark web?
Blog
Dark AI tools are software applications that use artificial intelligence for malicious purposes, such as hacking, phishing, and spreading disinformation. These tools can automate and enhance cyberattacks, making them more sophisticated and harder to detect. Threat actors are constantly looking for new ways or paths to achieve their goals, and...