TRAININGSERVICESEXPERTS BLOGLET'S TALK

Fortalice

Microsoft Exchange Zero Day Advisory
Microsoft Exchange Zero Day Advisory
Fortalice Solutions

Two vulnerabilities for hosted Microsoft Exchange servers (CVE-2022-41040, CVE-2022-41082) have been identified as currently being exploited in organization environments. The vulnerabilities only exist within hosted (on premise) exchange servers and Microsoft reports the Microsoft Exchange Online has protections in place. Many clients have migrated their user base to Exchange Online or Microsoft Office365 but there may still be Exchange servers operating in the environment, being used for mail relays and other IT functions.

Fortalice Solutions Announces Commitment to Growing Global Cybersecurity Success by Becoming a Cybersecurity Awareness Month 2022 Champion
Fortalice Solutions Announces Commitment to Growing Global Cybersecurity Success by Becoming a Cybersecurity Awareness Month 2022 Champion
Fortalice Solutions

Fortalice Solutions is proud to announce it has signed on as Champion for Cybersecurity Awareness Month 2022. At Fortalice Solutions, we believe preparation is the best strategy to protect organizations from cyber threats and crime. We transform a reactive security model into a proactive, results-based model of protection. Fortalice Solutions, led by the first woman to serve as White House Chief Information Officer, Theresa Payton, is comprised of passionate practitioners who provide organizations with clarity of priority, approach, and security design.

Fortalice Solutions Announces New Partners
Fortalice Solutions Announces New Partners
Fortalice Solutions

Fortalice Solutions CEO and Founder, Theresa Payton has announced the promotion of Bridget O’Connor and Melissa O’Leary to the position of Partner of Fortalice Solutions.

As Premiums Skyrocket, Cyber Insurance Companies Use Open-Source Intelligence to Assess Clients
As Premiums Skyrocket, Cyber Insurance Companies Use Open-Source Intelligence to Assess Clients
Blue Team

Fortalice Client Advisory: New Bank Cybersecurity Incident Reporting Rules
Fortalice Client Advisory: New Bank Cybersecurity Incident Reporting Rules
Fortalice Solutions

Fortalice Client Advisory on Twilio Breach
Fortalice Client Advisory on Twilio Breach
Fortalice Solutions

Pegasus Attacks, iOS 16, and Lockdown Mode
Pegasus Attacks, iOS 16, and Lockdown Mode
Fortalice Solutions

Fortalice Solutions Offensive Security Partnership with Immaculata University
Fortalice Solutions Offensive Security Partnership with Immaculata University
Fortalice Solutions

Keeping Up with the NTLM Relay
Keeping Up with the NTLM Relay
Matthew Creel

Back in when I was getting started as a junior pentester, I vividly remember reading @byt3bl33d3r's 2017 post: Practical guide to NTLM Relaying in 2017 (A.K.A getting a foothold in under 5 minutes). I still recommend checking this out if you haven't already - it will cover the basics of NTLM relaying and background on some of the confusing pieces ([Net]NTLMv1/2 anyone?) that there's no need for me to repeat here. There's also a plethora of other great NTLM relay blogs and resources that I'll try to link to throughout this post, while I attempt to touch on the ever growing library of NTLM relay uses after 2021 introduced several new relay vectors.

Apple AirTag Tracking Without Consent
Apple AirTag Tracking Without Consent
TrackerPayton

Triple Threat 2022-2023 Cybersecurity Predictions
Triple Threat 2022-2023 Cybersecurity Predictions
TrackerPayton

MacOS password recovery on a disk with FileVault 2 encryption
MacOS password recovery on a disk with FileVault 2 encryption
Fortalice Solutions

Disinformation, Misinformation and Manipulation Campaigns: A How to Guide for Creating an Organizational Incident Response Playbook and Managing Reputational Risk
Disinformation, Misinformation and Manipulation Campaigns: A How to Guide for Creating an Organizational Incident Response Playbook and Managing Reputational Risk
TrackerPayton

Demystifying Penetration Testing Pricing
Demystifying Penetration Testing Pricing
Kyle Macken

A How to Guide for Creating an Organizational Incident Response Playbook and Managing Reputational Risk
A How to Guide for Creating an Organizational Incident Response Playbook and Managing Reputational Risk
TrackerPayton

Colonial Pipeline Ransomware Breach: How to Protect Your Assets
Colonial Pipeline Ransomware Breach: How to Protect Your Assets
TrackerPayton

In the News: US Federal Data Breach Legislation
In the News: US Federal Data Breach Legislation
TrackerPayton

Mimecast Advisory
Mimecast Advisory
Blue Team

The notification provided to Mimecast from Microsoft indicated that several certificates issued by Mimecast had been compromised by a sophisticated threat actor.

Fortalice Interview with an Expert: CEO Theresa Payton
Fortalice Interview with an Expert: CEO Theresa Payton
TrackerPayton

Fortalice CEO & Founder Theresa Payton discusses the Fortalice difference and her new book, Manipulated Inside the Cyberwar to Hijack Elections and Distort the Truth.

What is Fortified Security?
What is Fortified Security?
TrackerPayton

Fortalice delivers fortified security through the following four pillars: Preparation, Response, Education, Partnership

Categories
Client Advisory
Defensive Perspectives
Offensive Perspectives
Executive Perspectives
Recent Posts
Microsoft Exchange Zero Day Advisory
Fortalice Solutions Announces Commitment to Growing Global Cybersecurity Success by Becoming a Cybersecurity Awareness Month 2022 Champion
Hunting Resource-Based Constrained Delegation in Active Directory