The Y-Security service lines are divided into Attack Simulations, Penetration Tests and Security Trainings. Below you can find our TIBER in a Nutshell post which …
Writing a technical good report is just one key aim when it comes to formalizing a security report after a Penetration Test or Attack Simulation …
A lot has been said during our self-imposed 30 days embargo of our detection plugin for the Apache Log4j vulnerability. Now we would like to …
Y-Security recently took the challenge of mastering the Burp Suite Certification offered by the creators of the No. 1 Web Application Pentesting Tool Burp Suite, …
Various Azure Active Directory components can be used to export displayed data in CSV format. A few components were identified in which the generated CSV …
Microsoft Teams on Windows, Linux and the Web suffers from a CSV Injection vulnerability that could be exploited by an unauthenticated user.
Most have already heard about ransomware attacks, either in the news or as they have been affected by them. Did you known that ransomware attacks …
The notification widget of the Microsoft Azure Portal does not encode certain HTML characters. That allows us to inject HTML and JavaScript code into the …
TIBER is an acronym for Threat Intelligence-Based Ethical Red-Teaming. TIBER is a framework for adversary emulations and attack simulations that has been released by the …
Attack Simulations are known under a variety of names and variations like Red Team, Purple Team, Threat Simulation, Adversary Emulation or APT Simulation. They also …
Find out how we structure an end-to-end Attack Simulation against an organization and what the Blue Team can learn from it.
No, we won’t start another discussion about the ethics of disclosing security vulnerabilities to the public, but we need to discuss how Y-Security handles the …
At Y-Security we are specialized in performing Attack Simulations exercises, highly complex Penetration Tests and Security Trainings. Our focus is on our technical excellence provided …