Welcome To The Team – Thore
The Scatter Swine
Let’s review attacks of the last weeks (well, months …) against users of a well-known…
Year-One-Ylights
Y-Security becomes One Year old – let’s celebrate! In July 2021 we’ve announced the launch…
TIBER in a Nutshell
The Y-Security service lines are divided into Attack Simulations, Penetration Tests and Security Trainings. Below…
Insights into Penetration Test & Attack Simulation Reports
Writing a technical good report is just one key aim when it comes to formalizing…
Blind Detection of the Log4j vulnerability en scale
A lot has been said during our self-imposed 30 days embargo of our detection plugin…
Looking at the Portswigger Burp Suite Certification
Y-Security recently took the challenge of mastering the Burp Suite Certification offered by the creators…
Microsoft Azure Portal – CSV Injection
Microsoft Teams – CSV Injection
Threat Simulation – Mimicking an APT
Most have already heard about ransomware attacks, either in the news or as they have…
Microsoft Azure Portal – Persistent Cross-Site Scripting
All You Need To Know About Threat Intelligence-Based Ethical Red-Teaming
TIBER is an acronym for Threat Intelligence-Based Ethical Red-Teaming. TIBER is a framework for adversary…
Insights Into Attack Simulations – Part 2
Attack Simulations are known under a variety of names and variations like Red Team, Purple…
Insights Into Attack Simulations – Part 1
Disclosure Policy
Y-Security – That’s us
At Y-Security we are specialized in performing Attack Simulations exercises, highly complex Penetration Tests and…