Penetration Testing Archives - Page 3 of 37

GenAI: Security Teams Demand Expertise-Driven Solutions

5 March 20255 March 2025 by Krishna

Generative AI (GenAI) refers to a subset of artificial intelligence technologies designed to create new content, such as text, images, videos, and even code, based on patterns and data fed into it. Unlike traditional AI systems that rely on predefined algorithms and data sets, GenAI models learn from vast amounts of data and can generate original outputs that resemble human-created content. These outputs can range from realistic-looking deepfakes to sophisticated malware and phishing schemes, making GenAI a powerful tool for both cyber defenders and attackers.

In the context of cybersecurity, GenAI’s potential is vast. It can be utilised for automating threat detection, creating advanced defence mechanisms, and developing incident response strategies. However, the same capabilities that make GenAI a valuable asset to security teams also make it an attractive tool for cybercriminals, who can use it to create new, more complex forms of cyber attacks.

Exploiting Google Calendar: How Cybercriminals Use Calendar Invites to Spread Malicious Links and What You Can Do to Defend Against It

4 March 20254 March 2025 by Krishna

In the context of cybersecurity, the growing trend of exploiting digital calendar platforms is part of a broader shift towards social engineering and phishing attacks. Traditionally, phishing emails were the go-to vector for spreading malware, but attackers have adapted to newer, more subtle methods of infiltration. By exploiting tools like Google Calendar, which are integral to the workflow of millions of users, attackers are finding ways to bypass conventional email filters and reach their targets with greater ease.

Penetration Testing OpenWRT: A Comprehensive Guide for Penetration Testers and Network Architects

27 February 2025 by Krishna

OpenWRT, while highly customisable, is not immune to the common security flaws that affect embedded devices. These can range from default configurations to poorly secured web interfaces

ACRStealer Exposed: How Cybercriminals Are Exploiting Google Docs for Malware Attacks

23 February 2025 by Krishna

What is ACRStealer?

ACRStealer is an **info stealer malware** designed to **extract sensitive information** from infected systems, including:

– **Antivirus identification** – determining which security solutions are present to evade detection.
– **Crypto wallet theft** – targeting stored cryptocurrency assets.
– **Login credentials theft** – stealing usernames and passwords for financial services, corporate accounts, and personal data.
– **Browser information extraction** – harvesting stored passwords, cookies, and browsing history.
– **File Transfer Protocol (FTP) credential theft** – compromising access to cloud and remote servers.
– **Text file harvesting** – reading and extracting information from text documents.

While information stealers are not new, **ACRStealer stands out** due to its **stealth tactics, sophisticated distribution, and abuse of legitimate cloud platforms**.

OWASP Top 10 API Security Risks – 2023: API10:2023 – Unsafe Consumption of APIs

21 February 2025 by Krishna

The term “unsafe consumption of APIs” refers to the practice where developers trust data received from third-party APIs more than they trust user input, leading to weaker security standards for the data coming from these integrated services. Typically, this occurs because third-party APIs are seen as more “trusted” than direct user input, so developers may not apply the same level of scrutiny or security measures when consuming data from these external sources.