Resources
Evading Defender by Embedding Lua into Rust
I recently started learning about the world of game modding. I have always played games on a console, so modding was not something I ever...
The Cybersecurity Framework Gets a Facelift
NIST CSF 2.0 brings new content to broaden its audience and new tools to help ease implementation. By Jeffrey T. Lemmermann, CPA, CISA, CITP, CEH...
AI and Machine Learning in Threat Detection: Navigating Advancements and Challenges (Part 2)
In part one of this series, we discussed the evolving landscape of cybersecurity and the roles artificial intelligence (AI) and machine learning...
Beyond Vulnerability Scanning: Strengthening Perimeter Cybersecurity
Over the past 20-years, I’ve used every major vulnerability scanner. There are several great scanners on the market, and SynerComm has...
AI and Machine Learning in Threat Detection: Navigating Advancements and Challenges (Part 1)
With the help of artificial intelligence (AI) and machine learning (ML), cybercriminals are creating novel, sophisticated threats more frequently...
Attacks on Active Directory Certificate Services (AD CS) Explained – CypherCon 2024 Follow-up
This is a follow-up blog post from our CypherCon 2024 presentation. The slides are located here:...
Exploring Initial Access Methods #01 – Shortcuts and Tunnels to the Kingdom
Understanding the various methods and Tactics, Techniques and Procedures (TTP's) by which attackers gain initial access to systems is crucial for...
Continuous Pentesting and Its Many Names
Are you looking for a pentest? A continuous pentest? Or maybe attack surface management? We’ll never have a shortage of new terminology (and...
Strengthening Healthcare Defenses
In the dynamic realm of cybersecurity, the healthcare industry has become a prime target for malicious actors seeking to exploit vulnerabilities...
Spoofing Command Line Arguments to Dump LSASS in Rust
One of the popular methods for dumping LSASS is using the procdump.exe program from the Sysinternals Suite. Something like: procdump64.exe...
The Future of Business Applications and Data Center Access: Insights from SynerComm’s IT Summit
The recent 20th Anniversary of IT Summit was an eye-opener for tech enthusiasts, security professionals, and business leaders alike. This annual...
Navigating the Skies: TSA’s New Cybersecurity Requirements for Airlines
In today's increasingly digital world, the aviation industry is more reliant on technology than ever before. As aviation systems become more...
Creating a Rootkit to Inject into a Protected Process and Dump LSASS
In my last blog post, I discussed one method of dumping LSASS where we created a DLL that we injected into Task Manager. We could then create an...
DEF CON 31 and Building A Wi-Fi Deauthentication Detector
Going to DEF CON was a dream I never thought would come to fruition. I remember 2009 being in 8th grade. Reading a physical copy of the magazine...
Rotating Your Pentesting Vendor Is A Mistake!
Having sold and performed assessments and pentests for nearly 20 years, I’ve had plenty of opportunities to hone my strategy and messaging. One...