Assetnote
Australia
Joined 4 Sep 2020
Assetnote continually monitors your external attack surface as it evolves, allowing you to identify and triage high impact security issues quickly. Our team at Assetnote have been participating in bug bounties and have been application security enthusiasts for just under ten years, and we aim to share the knowledge we have obtained over the years through this channel.
Maximizing Security Outcomes: The Role of ASM in Bug Bounty Programs
Running an effective bug bounty program requires balancing an attractive scope and payout to hunters with an attack surface that challenges hunters to do more than automated scans. Program managers want to pay for skillful findings, not automated ones. In this episode, we talk about how ASM helps optimize your bug bounty program.
Views: 306
Videos
Internet-Wide Recon: Moving Past IP-Centric Approaches
773 views, 1 month ago
In this episode, we discuss the blind spots of IP-centric approaches to asset discovery and the importance of understanding the full attack surface of an organization. We unpack the challenges posed by modern cloud architectures, load balancers, and WAFs, and how these can create blind spots in reconnaissance efforts. We also highlight the significance of subdomain data and passive DNS in uncove...
Beyond Shadow IT: Understanding the True Attack Surface of Your Software
315 views, 1 month ago
This week's episode dives deep into the concept of shadow exposure and how it relates to third-party software, often overlooked in discussions about shadow IT. We explore the historical context of shadow IT, its evolution, and the real risks associated with widely deployed enterprise software that organizations may not fully understand. Join us as we discuss: - The origins and implications of s...
The Art of Recon: Strategies for Modern Asset Discovery
6K views, 1 month ago
Today, we explore the world of asset discovery and reconnaissance, particularly how these practices have evolved over time. Historically, discussions around reconnaissance have been overly simplistic and tool-centric, often focusing solely on the latest tools rather than the underlying principles and methodologies. Join us as we break down our approach to reconnaissance into five key elements: ...
The Unknown Complexities of DNS Resolution
604 views, 2 months ago
In this episode, we dive into the technical complexities of DNS resolution in the context of ASM asset discovery. Join us as we discuss the challenges, implications, and solutions we have encountered while dealing with DNS resolution at scale. From DNS wildcards to security scanning considerations, we explore the importance of DNS data and its role in comprehensive reconnaissance. Our hosts, Mi...
Confusion in the Attack Surface Management Market - Surfacing Security Ep 6
989 views, 2 months ago
Uncovering Critical Vulnerabilities in Magento: A Deep Dive - Surfacing Security Ep 5
478 views, 2 months ago
What is "True" Attack Surface Management (ASM)? - Surfacing Security Ep 4
391 views, 2 months ago
The Untold Story of Assetnote: Origins and Evolution - Surfacing Security Ep 3
329 views, 2 months ago
A Deep Dive into Three ServiceNow Vulnerabilities (with Adam Kues) - Surfacing Security Ep 2
309 views, 2 months ago
Chaining Three Bugs to Access All Your ServiceNow Data (Live Q&A) - Surfacing Security Ep 1
929 views, 2 months ago
Bug Bounty Redacted #5: Second Order Subdomain Takeovers & Logic Bug DoS
3.6K views, 2 years ago
Bug Bounty Redacted #4: Writing to S3 buckets & Insecure JWT Implementation
3.1K views, 2 years ago
Bug Bounty Redacted #3: Hacking APIs & XSS, SQLi, WAF Bypass in a regional web application
5K views, 2 years ago
Bug Bounty Redacted #2: Third Party Subdomain Takeover & Exposed Admin Interfaces
3.6K views, 2 years ago
Bug Bounty Redacted #1: Exposed Redis and HAProxy
6K views, 2 years ago