Vonahi Interview with Jenny
Watch our founder provide a quick interview exclusively for the Jenny platform by DecipherCyber.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Vonahi Security
2022 Challenger Interview: Vonahi Security + Decipher Cyber
The Decipher Cyber Jenny Challenger Interview features Alton Johnson, CEO and Founder of Vonahi Security, and Karissa Breen, Founder of KBI, the marketing & media company dedicated solely to the cybersecurity sector. About Vonahi Security: Vonahi Security is a cybersecurity company that developed vPenTest, a SaaS platform that automates network penetration testing and delivers continuous testing at a fraction of the cost of an outsourced consultant.
Respect in Security
Vonahi Security, as a member of the cybersecurity community committed to the prevention of all forms of harassment within our industry, hereby pledges its support for a workplace and community free from harassment and fear.
SrClient DLL Hijacking: a Windows Server 2012 0-day that won't be patched
I recently discovered that all versions of Windows Server 2012 (but not Server 2012 R2) are affected by a DLL hijacking vulnerability that can be exploited for privilege escalation. Moreover, the flaw can be triggered by a regular user and does not require a system reboot. Sounds like a pretty big deal, right? Well, not according to Microsoft, unfortunately.
What's in a (re)name: RCE Hunting in CMSs via Unrestricted File Upload
During a recent bug hunting binge I discovered my first two vulnerabilities that could be exploited to achieve remote code execution (RCE). No bragging rights were earned though, because finding and exploiting these issues was incredibly straightforward. I’m not humble bragging here (I wish). In fact, the issue underlying both vulnerabilities, which each affect a different content management system (CMS), is very basic and was literally the second thing I checked for.
When the PATH to SYSTEM is wide open: Philips SmartControl DLL hijacking (CVE-2020-7360)
Remember that high school teacher who was never more than one chapter ahead of their students? Well that is me, in this blog. ¯\_(ツ)_/¯
Avoiding SMB Rate Limits During Authentication Attacks
During a penetration test, it's not an uncommon practice for a penetration tester to launch a password attack against Active Directory. Many times this password attack uses a list of domain user accounts that were enumerated or even just a list of potential domain user accounts that were generated randomly. Many penetration testers will either perform just a single password attack or at least 2-3 attempts, depending on domain's password lockout policy is set to.
Automated Penetration Testing: 5 Benefits for CISOs
Research by Cybersecurity Ventures projects a doubling of the global cost of cybercrime in the 2015-2021 period from $3 trillion to $6 trillion. The escalation of cybercrime is closely related to the rapid expansion of the cyber attack surface. For instance, the total number of Internet users doubled between 2015 and 2018 from 2 billion to 4 billion, and is expected to hit 6 billion by 2022.
vPenTest: Real-Time and Automated Network Penetration Test Platform
vPenTest is an automated and full-scale penetration test platform that makes network penetration testing more scalable, accurate, faster, consistent, and not prone to human error. Using vPenTest, organizations can now perform a penetration test at any time, allowing network administrators to evaluate their risks to cyber attacks in nearly real time.
2019/2020: A Few Cybersecurity Reflections and Predictions
With 2019 nearly in the books, this post reflects on a few of the biggest cybersecurity developments of the past year, and on how these trends are likely to shape the industry in the coming year.