Insights from the Attacker's Perspective

At Randori, we believe strongly in prioritizing what matters most. That's why today our (virtual) offices are empty. Ensuring every citizen has both

Credential Harvesting Made Easy – How Common Asset Discovery Configurations Are Enabling Hackers To Move Laterally

Our industry pays lots of attention to vulnerabilities and the need for patching. And yes, there is a need for this. But in

Vulnerability Analysis: CVE-2020-16898

Build Security Programs Resilient to Risk, Not the Latest Vulnerability

This Interview was originally published in the 2021 TAG Cyber Annual and is part of a collection of interviews with cybersecurity leaders. View

Attack Surface Management: Why Asset Management Is Only Half the Picture

The universe tends toward disorder, as quantum physicists say. And nowhere is this more true than in the world of IT. As companies

Improve the ROI of Your Vulnerability Management Program with Attack Surface Management

Vulnerability management is at a crossroads. Faced with exploding asset counts and a surge in the volume of new vulnerabilities, enterprises large and

Both defenders and attackers have a keen interest in understanding the attack surface for an organization — defenders must understand what is exposed so they can prioritize what to maintain and monitor — attackers must understand what is reachable so they can decide which services are available to compromise.

Building for Linuxes Old Enough to Buy a Pack of Smokes

At Randori, our automated attack platform emulates a realistic adversary. Real adversaries will often take advantage of targets of opportunity discovered on a network, even if those targets are not directly related to an objective.

EXPLOITING BIG-IP: Deconstructing this Simple but Effective RCE

If you're in enterprise security, chances are you're familiar with F5 BIG-IP and CVE-2020-5902. Used by 45% of Randori customers and thousands of organizations, it's a very common network appliance family and is famous for having ruined the July 4th plans of many security engineers and network administrators.

Avoid the Scramble: Reflections on CVE-2020-5902

If you were one of the many folks this weekend trying to figure out if you had a F5 BIP, if so how many, if the administration interface was exposed to the internet, if you knew where the logs were going and if you had enough visibility to know if it was being actively exploited you got pulled into a scramble and frankly… You f*cke up a long time ago.

The Randori Attack Team has successfully developed a POC for CVE-2020-2021 and has been able to confirm the severity of the vulnerability in local test and production environments.

“Side-Loading” Software in a Running Docker Container

At Randori, one way our automated attack platform operates is by bridging docker containers into remote network environments. The actual operation of this system is outside the scope of this article, but in short, a series of network tunnels within network tunnels provides us with a container with network traffic fully (and only) emerging into a remote network.

4 Takeaways from the SANS Attack Surface Management Conference

Randori Unveils Target Temptation Engine – Exposes Where Hackers Will Attack Organizations First

How COVID-19 Changed Security – A Look Back

Prioritizing What Matters – Democracy

Credential Harvesting Made Easy – How Common Asset Discovery Configurations Are Enabling Hackers To Move Laterally

Vulnerability Analysis: CVE-2020-16898 (Bad Neighbor)

Build Security Programs Resilient to Risk, Not the Latest Vulnerability

Attack Surface Management: Why Asset Management Is Only Half the Picture

Improve the ROI of Your Vulnerability Management Program with Attack Surface Management

Enumerating Subdomains with crt.sh

Building for Linuxes Old Enough to Buy a Pack of Smokes

EXPLOITING BIG-IP: Deconstructing this Simple but Effective RCE

Avoid the Scramble: Reflections on CVE-2020-5902

CVE-2020-2021: Post Exploit Analysis

“Side-Loading” Software in a Running Docker Container

Get an Attacker’s view of your organization