This post provides a walkthrough of a privilege escalation to domain admin taking advantage of Veeam backups. Author: Roberto Soares (during his tenure at Blaze Information Security) In this blog post, we delve into a technical sequence of steps culminating in achieving control over a domain. This attack was executed with technical rigor, emphasizing the importance of conducting such activities strictly within authorized environments. The initial step involved utilizing the crackmapexec tool on a specific IP range provided by the client. This tool pinpointed which Windows machines were ac ..read more

As companies depend more on mobile apps for their fundamental activities, safeguarding these applications from possible risks and weaknesses is crucial. Therefore, conducting penetration testing on mobile applications is vital for any entity developing mobile apps for Android and iOS. At Blaze Information Security, we conduct various mobile app penetration testing assessments every year. Many of our first-time clients have numerous inquiries about the process – including how to prepare, what information the penetration testers need for an effective test, the tools used, testing strategies, typ ..read more

According to the new Atomico report, The State of European Tech, Europe currently has more than 3,900 growth-stage tech companies and 41,000 early-stage startups – and in the next five years, at least 25,000 more tech startups are expected to be formed. The US startup scene also has reasons to be optimistic in 2024, with investments expected to grow this year. Still, there are many challenges startups have to face, such as the growing number of cyberattacks. Recent findings, including those from Verizon’s 2023 Data Breach Investigations Report, indicate that small businesses are the target of ..read more

As businesses increasingly depend on web applications for their core operations, securing them against potential threats and vulnerabilities becomes essential. Penetration testing for web applications is thus vital for any organization developing or maintaining web-based services and SaaS applications. At Blaze Information Security, we conduct hundreds of SaaS and web application penetration testing assessments every year. We often encounter first-time clients with several questions about web application pen testing – particularly regarding preparation for these assessments, the type of inform ..read more

In healthcare, safeguarding patient data is not just a regulatory requirement but a cornerstone of trust and operational reliability. Recent statistics from the HHS Office for Civil Rights (OCR) show a significant rise in healthcare data breaches and cybersecurity incidents. Between 2018 and 2022, large data breaches reported to OCR increased by 93% (from 369 to 712), with a 278% surge in ransomware-related breaches. The Health Insurance Portability and Accountability Act (HIPAA) sets rigorous standards to safeguard sensitive patient information in the United States. As cyber threats evolve, s ..read more

In an age where data breaches and cyber-attacks are increasingly commonplace, maintaining the integrity and confidentiality of sensitive patient health information is crucial. The Health Insurance Portability and Accountability Act (HIPAA) is the backbone of health information security and privacy in the United States. The HIPAA Security Rule is central among its many provisions, specifically designed to safeguard electronic protected health information (e-PHI). For compliance officers and cybersecurity personnel, understanding and implementing this rule is crucial to any healthcare organizati ..read more

As cyber risks escalate, organizations are increasingly turning to staff augmentation services to combat cyber skills shortages and strengthen their cybersecurity strategy amidst growing digital threats. This method integrates skilled professionals into existing teams, enhancing agility and expertise to address the rapidly growing threat landscape. Staff augmentation is more than a trend; it’s a crucial strategic adjustment in cybersecurity planning. By utilizing external expertise and extended capabilities, companies significantly improve their IT security measures and bolster resilience agai ..read more

As cyber-attacks become more prevalent, sophisticated and frequent, internal audit teams, executive members of the board, C-suite, and other figures involved in the senior leadership of any mature organization are increasingly concerned about cybersecurity threats. Having a set of trusted partners to advise on cybersecurity matters, assess critical vulnerabilities and uncover your organization’s cyber risks is crucial. But how do you make sure you have chosen the right cybersecurity partner? One of the answers lies in crafting a solid Request for Proposal (RFP). This guide aims to equip procur ..read more

With technology embedded in every aspect of modern business operations and the sharp increase in cyber-attacks in recent years, maintaining a robust IT security posture isn’t just a luxury – it’s a necessity for business continuity. No longer is it adequate to merely react to security threats; organizations must stay ahead, anticipating potential vulnerabilities and addressing risks proactively. This introduces us to penetration testing – a critical component of cybersecurity assurance. While many organizations have robust internal security teams, the question arises: is it sufficient to rely ..read more

Penetration test is a simulated cyberattack against a computer system performed to evaluate its security. By intentionally seeking out vulnerabilities – be it in software, hardware, or even human processes – this practice offers invaluable insights into potential threats. Given the growing emphasis on cybersecurity, many businesses are in a rush to incorporate penetration testing into their defenses. This urgency, coupled with budgetary constraints, often propels them towards services labeled as “affordable penetration tests” or “cheap penetration test”. It’s tempting, of course. Who wouldn’t ..read more