LLM pentest: Leveraging agent integration for RCE
Blaze Information Security
by Blaze Labs
5M ago
Author: Pedro Henrique Lima This blog post delves into the class of vulnerability known as “Prompt Leaking” and its subsequent exploitation through “Prompt Injection,” which, during an LLM pentest engagement, allowed the unauthorized execution of system commands via Python code injection. In a detailed case study, we will explore the mechanics of these vulnerabilities, their implications, and the methodology used to exploit them. Before getting into what matters, it’s important to understand the basics of what an LLM is and how its integration functions. The basics of LLM agent integration LLM ..read more
PWN DAT DOMAIN: Becoming domain admin with a little help from Veeam Backup
Blaze Information Security
by Blaze Labs
7M ago
This post provides a walkthrough of a privilege escalation to domain admin taking advantage of Veeam backups. Author: Roberto Soares (during his tenure at Blaze Information Security) In this blog post, we delve into a technical sequence of steps culminating in achieving control over a domain. This attack was executed with technical rigor, emphasizing the importance of conducting such activities strictly within authorized environments. The initial step involved utilizing the crackmapexec tool on a specific IP range provided by the client. This tool pinpointed which Windows machines were ac ..read more
Mobile application penetration testing – Everything about it
Blaze Information Security
by Julio Fort
8M ago
As companies depend more on mobile apps for their fundamental activities, safeguarding these applications from possible risks and weaknesses is crucial. Therefore, conducting penetration testing on mobile applications is vital for any entity developing mobile apps for Android and iOS. At Blaze Information Security, we conduct various mobile app penetration testing assessments every year. Many of our first-time clients have numerous inquiries about the process – including how to prepare, what information the penetration testers need for an effective test, the tools used, testing strategies, typ ..read more
Penetration testing for startups – An essential guide
Blaze Information Security
by Ewelina Baran
8M ago
According to the new Atomico report, The State of European Tech, Europe currently has more than 3,900 growth-stage tech companies and 41,000 early-stage startups – and in the next five years, at least 25,000 more tech startups are expected to be formed. The US startup scene also has reasons to be optimistic in 2024, with investments expected to grow this year. Still, there are many challenges startups have to face, such as the growing number of cyberattacks. Recent findings, including those from Verizon’s 2023 Data Breach Investigations Report, indicate that small businesses are the target of ..read more
Web application penetration testing – all you need to know
Blaze Information Security
by Julio Fort
8M ago
As businesses increasingly depend on web applications for their core operations, securing them against potential threats and vulnerabilities becomes essential. Penetration testing for web applications is thus vital for any organization developing or maintaining web-based services and SaaS applications. At Blaze Information Security, we conduct hundreds of SaaS and web application penetration testing assessments every year. We often encounter first-time clients with several questions about web application pen testing – particularly regarding preparation for these assessments, the type of inform ..read more
HIPAA penetration testing – The guide to staying compliant
Blaze Information Security
by Ewelina Baran
9M ago
In healthcare, safeguarding patient data is not just a regulatory requirement but a cornerstone of trust and operational reliability. Recent statistics from the HHS Office for Civil Rights (OCR) show a significant rise in healthcare data breaches and cybersecurity incidents. Between 2018 and 2022, large data breaches reported to OCR increased by 93% (from 369 to 712), with a 278% surge in ransomware-related breaches. The Health Insurance Portability and Accountability Act (HIPAA) sets rigorous standards to safeguard sensitive patient information in the United States. As cyber threats evolve, s ..read more
Understanding the HIPAA Security Rule
Blaze Information Security
by Ewelina Baran
9M ago
In an age where data breaches and cyber-attacks are increasingly commonplace, maintaining the integrity and confidentiality of sensitive patient health information is crucial. The Health Insurance Portability and Accountability Act (HIPAA) is the backbone of health information security and privacy in the United States. The HIPAA Security Rule is central among its many provisions, specifically designed to safeguard electronic protected health information (e-PHI). For compliance officers and cybersecurity personnel, understanding and implementing this rule is crucial to any healthcare organizati ..read more
Why are teams turning to cybersecurity staff augmentation?
Blaze Information Security
by Ewelina Baran
11M ago
As cyber risks escalate, organizations are increasingly turning to staff augmentation services to combat cyber skills shortages and strengthen their cybersecurity strategy amidst growing digital threats. This method integrates skilled professionals into existing teams, enhancing agility and expertise to address the rapidly growing threat landscape. Staff augmentation is more than a trend; it’s a crucial strategic adjustment in cybersecurity planning. By utilizing external expertise and extended capabilities, companies significantly improve their IT security measures and bolster resilience agai ..read more
How to write a solid pentest RFP: A guide for procurement
Blaze Information Security
by Julio Fort
11M ago
As cyber-attacks become more prevalent, sophisticated and frequent, internal audit teams, executive members of the board, C-suite, and other figures involved in the senior leadership of any mature organization are increasingly concerned about cybersecurity threats. Having a set of trusted partners to advise on cybersecurity matters, assess critical vulnerabilities and uncover your organization’s cyber risks is crucial. But how do you make sure you have chosen the right cybersecurity partner? One of the answers lies in crafting a solid Request for Proposal (RFP). This guide aims to equip procur ..read more
Benefits of hiring third-party penetration testing
Blaze Information Security
by Ewelina Baran
1y ago
With technology embedded in every aspect of modern business operations and the sharp increase in cyber-attacks in recent years, maintaining a robust IT security posture isn’t just a luxury – it’s a necessity for business continuity. No longer is it adequate to merely react to security threats; organizations must stay ahead, anticipating potential vulnerabilities and addressing risks proactively. This introduces us to penetration testing – a critical component of cybersecurity assurance. While many organizations have robust internal security teams, the question arises: is it sufficient to rely ..read more
