Blog
Insights From Cybersecurity Experts
Why Network Changes Keep Failing (And How to Fix It)
"One typo, one line of code, and it's the CEO calling at midnight asking why the business stopped." This nightmare scenario plays out more often than anyone would like to admit in enterprise...
Proactive and Persistent: How SynerComm’s Pentest Playbooks and the CASM® Platform Enable Continuous Penetration Testing
In today’s cybersecurity landscape, vulnerabilities evolve faster than ever, and attackers exploit them at unprecedented speed. To help organizations stay ahead, SynerComm has developed a...
Continuous Penetration Testing Powered by CASM®
Welcome to the future of cybersecurity, where Continuous Penetration Testing (CPT) meets the cutting-edge technology of Cyber Asset Attack Surface Management (CAASM) – a dynamic duo that's...
Western Bank Alliance Case Study
Western Alliance Bancorporation (NYSE: WAL) is one of the country’s top-performing banking companies. Its primary subsidiary, Western Alliance Bank, Member FDIC, offers a full spectrum of tailored...
Evading Defender by Embedding Lua into Rust
I recently started learning about the world of game modding. I have always played games on a console, so modding was not something I ever pursued. However, after picking up the PC version of my...
The Cybersecurity Framework Gets a Facelift
NIST CSF 2.0 brings new content to broaden its audience and new tools to help ease implementation. By Jeffrey T. Lemmermann, CPA, CISA, CITP, CEH In 2013, the National Institute of Standards...
AI and Machine Learning in Threat Detection: Navigating Advancements and Challenges (Part 2)
In part one of this series, we discussed the evolving landscape of cybersecurity and the roles artificial intelligence (AI) and machine learning (ML) play in the security space today. Here in part...
Beyond Vulnerability Scanning: Strengthening Perimeter Cybersecurity
Over the past 20-years, I’ve used every major vulnerability scanner. There are several great scanners on the market, and SynerComm has continually used one of them from its free GNU public license...
AI and Machine Learning in Threat Detection: Navigating Advancements and Challenges (Part 1)
With the help of artificial intelligence (AI) and machine learning (ML), cybercriminals are creating novel, sophisticated threats more frequently and with fewer resources than ever before. These...
Attacks on Active Directory Certificate Services (AD CS) Explained – CypherCon 2024 Follow-up
This is a follow-up blog post from our CypherCon 2024 presentation. The slides are located here: https://x.com/TheL0singEdge/status/1776101737461399780 Active Directory Certificate Services (AD CS)...
Exploring Initial Access Methods #01 – Shortcuts and Tunnels to the Kingdom
Understanding the various methods and Tactics, Techniques and Procedures (TTP's) by which attackers gain initial access to systems is crucial for developing robust defense mechanisms. Initial access...
Continuous Pentesting and Its Many Names
Are you looking for a pentest? A continuous pentest? Or maybe attack surface management? We’ll never have a shortage of new terminology (and acronyms) to learn and understand. When evaluating...
Strengthening Healthcare Defenses
In the dynamic realm of cybersecurity, the healthcare industry has become a prime target for malicious actors seeking to exploit vulnerabilities and gain unauthorized access to sensitive data....
Spoofing Command Line Arguments to Dump LSASS in Rust
One of the popular methods for dumping LSASS is using the procdump.exe program from the Sysinternals Suite. Something like: procdump64.exe -accepteula -ma -o dumpfile.dmp However, Microsoft is well...
The Future of Business Applications and Data Center Access: Insights from SynerComm’s IT Summit
The recent 20th Anniversary of IT Summit was an eye-opener for tech enthusiasts, security professionals, and business leaders alike. This annual two-day event brings together IT leaders from across...