SecurityTrails Blog

Guide and Enrich Red Team Operations with Attack Surface Intelligence
One of the many cognitive spaces where cybersecurity practitioners often like to boast of ingenuity lies in the realm of adversarial emulation.

Journey to the Underbelly of the Beast: Out-of-Band Management Security and the Attack Surface
As of this writing, enterprise networks around the world are still known to be supporting some form of hardware-based remote access and control capability, collectively referred to as out-of-band management (OOBM), as a fallback mechanism to provide system administrators with an alternate data path to computing elements that may otherwise be unreachable through more traditional network media.

The CVE Approach: A Reductionist Way to Handle the Attack Surface
As recently as the 1990s, the information security industry lacked a fundamental mechanism to deal with the notion of sharing both hardware and software vulnerabilities using any sort of meaningful taxonomy.

How to detect developer mistakes before the bad guys do
Web development is one of the largest, if not the largest, sectors in the current tech space. Everything you see on the internet falls more or less into the web development category, which ranges from basic website UI and UX development to complete application frontends and backends. And the surface area of web development is probably the largest it's ever been.

RDP: Risks and Prevention Tips for Your Attack Surface
The Remote Desktop Protocol (RDP) belongs to a subset of ITU-T protocol standards purposely designed to provide reliable transport of visual, input, control, and component-sharing data and capabilities from one remote computer system to another.

Action needed: Atlassian Confluence On-Premise RCE Vulnerability - CVE-2022-26134
If you are an administrator of an Atlassian Confluence On-Premise installation, please make sure to update your installation immediately. All current versions of Confluence Server & Data Center are affected.

Attack Surface Intelligence: When the Power Comes from the Data
In the current era of the remote workforce, businesses have struggled to meet customer and stakeholder expectations of evolving cyber threats. While organizations choose the best option to update their internal security posture continuously, they often do very little to monitor external threats on their attack surface.

Preventing Subdomain Takeover Attacks with Attack Surface Intelligence
Next year will mark the 40th anniversary of the creation of the Domain Name System (DNS) by Paul Mockapetris, a pioneer of the IT industry whose forays into early distributed systems and email delivery applications led to the groundbreaking naming exchange that permeates today's internet.

The Role of Cloud Misconfigurations & the Attack Surface in the 2022 Verizon DBIR
This year's 15th installment of the Verizon Data Breach Investigations Report (DBIR) features yet another impressive dataset of corporate breaches and exposures marked by an overriding postulate: attack surfaces matter and they should dictate a large portion of your risk assessment strategy.

Insights and lessons learned from the recent BIG-IP Application Delivery Services Vulnerability
Every few months, a bug will come along that puts the information security community into a flurry of activity. Working weekends and nights to understand new vulnerability information as it comes to light, applying new patches (sometimes multiple times, as the situation changes), while also keeping apprised of new information hasn’t been uncommon. Throughout these past couple of years, we’ve had bugs as notable as Log4j, ProxyLogon, and more recently, a string of F5 vulnerabilities.