Microsoft - Securin

Jan 10, 2022

A Penetration Tester’s Perspective: What’s Next after Domain Admin?

Organizations have been increasingly relying on cloud services from Azure, since Microsoft provides native support. As a result, CSW penetration testers have been researching various attack vectors related to Azure. Read on to find out more about their findings.

Jan 4, 2022

Top 5 Affected Products in CISA’s Catalog of Known Exploited Vulnerabilities (KEV)

Our researchers analyzed CISA’s catalog of Known Exploited Vulnerabilities (KEV) to study the most affected products by number of vulnerabilities. Read on to learn more about their analysis.

Dec 27, 2021

Patch Now: Two Microsoft Active Directory Bugs Chained to Takeover Windows Domain

Two Active Directory bugs with vulnerability-chaining capabilities allow attackers to impersonate regular domain users to gain privileges and get access in unpatched Microsoft Windows Active Directory.

Dec 6, 2021

Top Affected Vendors according to CISA’s Catalog of Known Exploited Vulnerabilities (KEV)

While all vulnerabilities listed by CISA are critical and should be prioritized for patching, five vendors stand out from the rest with the most number of CVEs associated with their products.

Nov 12, 2021

Patch Urgently – Microsoft OMIGOD Vulnerabilities Are Under Active Exploitation!

Thousands of Azure users and millions of endpoints are impacted by ‘OMIGOD’ zero-days,” was the initial outburst when the open-source vulnerabilities were disclosed. Many Azure customers are unwittingly putting themselves in danger.

Oct 5, 2021

CISA & FBI : Zoho Flaws Being Actively Exploited, Patch Now

The FBI, CISA, and the Cyber Guard (CGCYBERs) warned of a serious vulnerability (CVE-2021-40539) in a single Zoho Signup and Password Management Solution that State Advanced Persistent Threat (APT) actors are actively scanning the internet for vulnerable servers.

Sep 15, 2021

Microsoft Exchange ProxyShell and Windows PetitPotam vulnerabilities chained in New Attack

The LockFile ransomware group has been actively exploiting the Microsoft Exchange ProxyShell vulnerabilities. Read our analysis to understand how you can protect yourself from a potential ransomware attack.

Jul 2, 2021

How to Detect CVE-2021-34527?

CSW Pentester’s have released a script to detect the Windows Print Spooler Remote Code Execution Vulnerability. Running the script can help organizations detect connected devices that could be vulnerable to exploits.

Attack Surface Management

Vulnerability Intelligence

Vulnerability Management

Penetration Testing

PARTNERS

RESOURCES

WHO WE ARE

CAREERS