Tevora's Threat Blog
Practice Makes Perfect: Testing Critical Applications with Adversary Simulation
In today’s rapidly evolving digital landscape, protecting sensitive data, and ensuring robust security measures is of paramount importance. One area that has made recent headlines – and therefore requires special attention – is Identity and ...
Read More about Practice Makes Perfect: Testing Critical Applications with Adversary Simulation
Show Filters
Practice Makes Perfect: Testing Critical Applications with Adversary Simulation
In today’s rapidly evolving digital landscape, protecting sensitive data, and ensuring robust s...
Read More about Practice Makes Perfect: Testing Critical Applications with Adversary Simulation
Targeting MSOL Accounts to Compromise Internal Networks
The MSOL (Microsoft Online Services) account in Azure Active Directory Connect is used to connect...
Read More about Targeting MSOL Accounts to Compromise Internal Networks
Adversary Simulation with Voice Cloning in Real Time, Part 1
Every day, blog posts and news articles warn us about the danger of artificial intelligence (AI) ...
Read More about Adversary Simulation with Voice Cloning in Real Time, Part 1
Adversary Simulation with Voice Cloning in Real Time, Part 2
In our first blog post on this series, we discussed the limitations of existing voice c...
Read More about Adversary Simulation with Voice Cloning in Real Time, Part 2
SQLmap; Customizing tools to get the job done
Often we run into a false-positive SQLi (SQL injection) using SQLmap. Even then, our team will at...
Read More about SQLmap; Customizing tools to get the job done
Implementing Dynamic Invocation in C#
Introduction to payload development, following up on concepts in basic C# payload development.
Certified Pre-Owned ADCS and PetitPotam: Executing the Full Attack Chain with Windows and Linux
This blog provides a tutorial on executing a full attack chain from both Linux and Windows machin...
Malicious Cryptomining & Other Shifting Threats
Tevora Talks dForce $25 Million Crypto Hack, Blockchain, Blackmarket and security with Kevin Soltani
Read More about Malicious Cryptomining & Other Shifting Threats
PsyOps: Deep Dive into Social Engineering Attacks
Social engineering campaigns continue to be one of the primary methods that adversaries use to ga...
Read More about PsyOps: Deep Dive into Social Engineering Attacks
Finding Broken Access Controls
This blog post is intended to be a guide on effective and efficient methods of identifying broken...
Hackers, both white and black hat, depend considerably on open-source intelligence (OSINT) derive...
DIY Leaked Credential Search Engine – Part 1
IntroductionThis post will walk through the process we followed to build a search engine for leak...
Read More about DIY Leaked Credential Search Engine – Part 1
Atomic Red Team Windows Execution Engine
Atomic Red Team is an excellent collection of commands, activities, and other Indicators of Compr...
MuleSoft Runtime < 3.8 Unauthenticated RCE (CVE-2019-13116)
This blog post details a pre-authentication deserialization exploit in MuleSoft Runtime prior to ...
Read More about MuleSoft Runtime < 3.8 Unauthenticated RCE (CVE-2019-13116)
Physical Penetration Testing & Social Engineering
In this post, we will illustrate the roadmap of a physical penetration test and advise how to suc...
Read More about Physical Penetration Testing & Social Engineering
Surveillance Detection Scout is a hardware and software stack that makes use of your Tesla’s ca...