Blog Entries

06. 10. 2025 Beatrice Dall'Omo Red Team, SEC4U

Vulnerability Trends & Metrics: Monthly Company Report

Effective Vulnerability Management doesn’t end with detection, it ends with action. And to take the right action, you need clear, accurate, and timely reports. In today’s fast-moving threat landscape, reporting is not just a formality, it’s a critical bridge between scan data and strategic security decisions. This article explores the role of reporting within the…

26. 09. 2025 Simone Ragonesi AI, Artificial Intelligence, Offensive Security, Red Team

The Evolving Security Landscape of MCP

Introduction: What is MCP? The Model Context Protocol is an emerging open standard that defines how large language models and AI agents interact with external tools, services, and data sources. Instead of every AI provider building its own proprietary “tool calling” system, MCP provides a common protocol (typically over JSON-RPC) to expose capabilities such as…

05. 09. 2025 Beatrice Dall'Omo Red Team, SEC4U

Setting up a Vulnerability Enrichment Process: Prioritizing Risks Effectively

In the context of vulnerability management, it’s common to be faced with a long list of findings after each scan, often too many to tackle all at once. But how do you decide where to focus your efforts and resources? Which vulnerabilities are truly critical, the ones that could actually compromise your organization’s security? The…

03. 07. 2025 Federico Corona Red Team, SEC4U

Security Assessment: More Than a Test… A Training Opportunity for the IT Team

When we talk about security assessments, the first thing that comes to mind is a snapshot of a company’s security posture: vulnerabilities, misconfigurations, uncontrolled access, and so on. But reducing these activities to a mere “test” means missing a key strategic opportunity: turning every assessment into the possibility of helping the internal IT team grow…

25. 06. 2025 Simone Ragonesi DORA, Offensive Security, Red Team, TLPT

Why TLPT Is the Future of Financial Sector Cybersecurity

In the ever-evolving cyber threat landscape, financial institutions no longer have the luxury of relying on standard penetration tests or traditional assessments. As attackers grow more sophisticated and persistent, defenders must shift from theory to real-world simulation. This is exactly where Threat-Led Penetration Testing (TLPT) enters the picture, and with the EU’s Digital Operational Resilience…

22. 02. 2025 Simone Ragonesi Automation, DDoS, Offensive Security, Red Team

Building a Distributed DDoS Infrastructure for Red Teaming Campaigns

⚠️ Warning: This article is intended for educational and ethical purposes only ⚠️ Red teamers don’t often engage in DDoS campaigns or stress testing against client systems, mainly for two reasons: However, there are cases where clients explicitly request such activities. When that happens, the red team must be thoroughly prepared; both legally, to clearly…

16. 01. 2025 Simone Ragonesi Offensive Security, Red Team

Inside the Red Team Toolbox: Linux Info-Gathering

In the realm of red teaming, rapid and efficient information gathering is very important. To streamline this process, we’ve developed Vermilion, a lightweight post-exploitation tool for the rapid collection and optional exfiltration of sensitive data from Linux systems. A significant percentage of computational workflows worldwide run on GNU/Linux. Primarily used in servers and increasingly in…

10. 01. 2025 Simone Ragonesi AI, Cloud, Offensive Security, Red Team

Stay ahead of Cyber Threats: Redefining Security for a Rapidly Changing Digital World

As the digital arena evolves at lightning speed, so do the tactics of those seeking to breach it. Traditional security measures are no longer enough for today’s increasingly sophisticated cyber threats. The perimeter of technological infrastructure is no longer carved in stone – it shifts continuously, reflecting systems that are more distributed and challenging to…

30. 12. 2024 Beatrice Dall'Omo Red Team, SEC4U

Exploring Authenticated Scans in Greenbone

While traditional vulnerability scanning techniques provide valuable insights from the outside, authenticated scans offer a deeper, more comprehensive understanding of system security by providing more vulnerability details on the scanned system from an internal perspective. By leveraging valid system credentials, Greenbone’s authenticated scans provide critical insights about system configurations, software versions, and potential internal weaknesses…

30. 12. 2024 Beatrice Dall'Omo Blue Team, Red Team, SEC4U

Red and Blue Team Cooperation: Attack to Improve

Nowadays attacks evolve over time and threat actors are following different ways to reach the same objectives. This could represent a problem on the defensive side. How can you always be up-to-date and ready to detect, but then when a vulnerability is exploited be able to act in several ways depending on the threat actor?…

23. 12. 2024 Beatrice Dall'Omo Red Team, SEC4U

Developing Integrations for Greater Efficiency: Jira and Invicti

In today’s digital landscape where cyber threats are constantly evolving, recurring vulnerability scanning is not only a best practice, but a strategic imperative with the aim of minimizing exposure to potential risks. Regular vulnerability scanning helps identify weaknesses in systems, applications and infrastructures, allowing them to be addressed in a timely and strategic way before…

05. 08. 2024 Simone Ragonesi Artificial Intelligence, Offensive Security, Red Team

Exploiting the Matrix: Offensive Techniques for Attacking AI Models

There’s no way around it: Artificial Intelligence is reshaping our world in profound ways, and it’s here to stay. In recent years we’ve entered a golden age for specialized hardware and algorithms suited to enhance machine learning models. These technologies are now bringing significant advances across various sectors, from finance to healthcare, from e-commerce to…

16. 07. 2024 Beatrice Dall'Omo Blue Team, Red Team, SEC4U

Automate Business Processes with APIs: python-gvm

Have you already read the blog post “Adding SOAR Features to the SOC – Part 1: Vulnerability Management”? If not, you have to! It explains the SOAR features leveraged by the Würth Phoenix SOC and how we implement our Vulnerability Management process. In this article, I’ll take a step back, focusing on what happens before the…

16. 11. 2023 Beatrice Dall'Omo Red Team, SEC4U

Don’t Go without EPSS: Vulnerability Prioritization

During a Vulnerability Remediation process, understanding which vulnerabilities pose a real and significant risk for an organization is not so obvious, and most of the time it involves several different aspects. It takes into consideration several factors related to available resources and time, company assets, severity, compatibility with fix methodologies, and others. There is no…

30. 10. 2023 Mirko Ioris Blue Team, Red Team, SEC4U

Adding SOAR Features to the SOC – Part 1: Vulnerability Management

Security Orchestration, Automation and Response (SOAR) is a set of functionalities used by the SOC team to automate security activities, improve workflow management and share threat intelligence data. Security Operation Centres (SOCs) can leverage SOAR to gain in-depth knowledge of the threats they face, trigger automatic responses to security issues and achieve better efficiency. In this…

