22 min read
Installer Misconfigurations and Weak Folder Permissions: A Sage 300 Case Study
In modern cyberattacks, threat actors will often begin their attacks against enterprises by obtaining low-privileged access to a single system in the...
offensivesecurity (6)
3 min read
Control Gap Vulnerability Roundup: July 1st to 8th
This week saw the publication of 330 new CVE IDs. Of those, 296 have not yet been assigned official CVSS scores, however, of the ones that were,...
2 min read
Our Offensive Security Hiring Process
Control Gap is expanding our Offensive Security team and looking for talented individuals. To ensure that we have the right team, we needed a better...
2 min read
The MS Exchange - World-Wide Exploitation
For organizations running on-premise Microsoft Exchange servers, we want to make you aware of four severe zero-day vulnerabilities announced on March...
4 min read
LLMNR / NBT-NS: You’re Poison!
Attention Windows sysadmins: search for "LLMNR" and once you've finished panicking, then get that nonsense disabled. Over the past year and over 50...
4 min read
The 3 Approaches to Penetration Testing for PCI DSS
Understanding PCI DSS requirements in depth can often be confusing and frustrating. The requirements covering penetration testing, PCI DSS 11.3, are...