The Assured Blog: sharing our knowledge, news and events as well as writeups of best practice in cybersecurity.
In this paper I will reveal the discovery of wide-spread cases of request tunnelling in applications powered by popular servers including IIS, Azure Front Door and AWS' application load balancer including the creation of a novel detection technique that combined the recently popularized "Single-Packet Attack" with our ever-trusty HTTP desync techniques.
Common initial access attacks used to gain foothold in Microsoft cloud tenants.
Windows Recall was postponed by popular demand because of its security and privacy issues. Now it's back, but what has changed?
We performed a penetration test on HURIDOC's Uwazi, an open source database to securely manage eyewitness videos, testimonies, and other human rights documentation.
A 2023 retrospective by Assured Security Consultants on security assessments conducted, highlighting key IT infrastructure and Active Directory vulnerabilities, the impact of new regulations, and strategies for a more secure future.
Zabbix is a popular monitoriting tool used by many different organizations, which exposes file read and execute permissions and thus poses an interesting target for penetration testers and researchers.
A walkthrough of a couple of Google Cloud Platform (GCP) features with security recommendations and advice on how to configure your GCP environments.