A lightweight, PowerShell-based SMB enumeration and data-gathering tool for red team engagements and penetration testing. This tool is designed to work natively on Windows without the need for external dependencies like Python or Linux-based utilities.

Server Message Block (SMB) is a ubiquitous protocol used for file sharing, remote access, and resource management across enterprise networks. While critical for business operations, its misconfigurations can expose vulnerabilities to attackers. In this blog post, we’ll dive into a real-world red team operation where a simple yet effective PowerShell-based tool led us from SMB enumeration to full network takeover.

Server Message Block (SMB) is a ubiquitous protocol used for file sharing, remote access, and resource management across enterprise networks. While critical for business operations, its misconfigurations can expose vulnerabilities to attackers. In this blog post, we’ll dive into a real-world red team operation where a simple yet effective PowerShell-based tool led us from SMB enumeration to full network takeover.

Managing sensitive data while meeting compliance and security standards is an ever-growing challenge for organizations. Today, secure data management is a top priority, especially in industries like healthcare, finance, and fintech. This focus is expected to intensify in the coming years. To address these needs, privacy vault solutions like Databunker, Skyflow, and Piiano have emerged. Each offers unique capabilities tailored to specific use cases.

Cybersecurity is a critical and complex challenge for every business in today’s digital world. However, not every business has the resources, expertise, or time to manage its security effectively and efficiently. That’s where CISO as a Service comes in. CISO as a Service is a flexible and scalable solution that provides you with access to a dedicated and experienced Chief Information Security Officer (CISO) and their team of security professionals.

Last week I met with a Director of a European Bank. A question he asked me was "How much should we spend on Cyber Security"? As there is no one-size-fits-all answer to this question, I will try to break it down: Small Businesses (1-50 employees): Secure Your Startup/ SMB/ SME Medium Businesses (51-500 employees): Step Up Your Game Large Businesses (500+ employees): Go Big on Security Enterprise Level (5000+ employees): Fortify the Fortress Bonus Tips Practical Steps Invest in Cybersecurity.

PDF Exports: Hidden SSRF Risk In the realm of cybersecurity, understanding vulnerabilities is paramount to safeguarding sensitive data and maintaining the integrity of systems. One such vulnerability that often lurks in the shadows is SSRF, or Server Side Request Forgery. While SSRF vulnerabilities have been extensively discussed in various contexts, today, we're going to delve into a unique perspective – exploring SSRF vulnerabilities through the lens of HTML to PDF exports.

Our healthcare client faced a security threat through PDF generation on their platform. We discovered a flaw that allowed harmful code to be included in PDFs, enabling us to access internal server files and services as well as obtaining AWS credentials. Taking proactive steps is vital to protect healthcare systems from such vulnerabilities.

As the cybersecurity landscape continues to evolve, the importance of rigorous and proactive security measures has never been more pronounced. The Network and Information Security (NIS2) Directive, an initiative by the European Union, is set to redefine cybersecurity standards for essential and important entities, emphasizing the need for robust risk management, incident response, and business continuity planning.