In the evolving landscape of web application development, template engines have become a cornerstone for creating dynamic, user-friendly interfaces. At Skyline Security, we recognize the importance of understanding both the functionality and the potential vulnerabilities associated with these tools. Server-Side Template Injection (SSTI) represents one such vulnerability, posing a significant risk to web applications. This […]
Here at Skyrim Security we offer a myriad of Penetration Testing services, and today we’ll delve into one specific type of test: the external penetration test. This method emulates a real-world attacker on the internet targeting your organization’s internet-facing assets. While we at Skyrim Security strictly follow the Penetration Testing Execution Standard (PTES) framework for […]
If you’re a member of the infosec community, chances are you’ve probably heard of the MITRE ATT&CK framework. However, despite its recognition, its intricacies might still not be fully understood. This blog aims to bridge that knowledge gap by providing an introductory explanation of what the MITRE ATT&CK framework is. We’ll delve into why it […]
For those uninitiated, ransomware is a form of malicious software that encrypts the victim’s files, effectively locking them out of their own data. The attacker then demands a ransom from the victim to restore access to their data upon payment. It’s cyber extortion, and it’s more prevalent and perilous than ever before. Why is Ransomware […]
At Skyrim Security, we’ve always believed in the power of technology to transform businesses and individuals. But with this power comes the responsibility to ensure its secure and responsible usage. As a dedicated provider of penetration testing, consulting, and auditing services, we recognize the importance of safeguarding digital landscapes against potential threats. That’s why we’re […]
In today’s rapidly evolving digital landscape, where cyber threats are becoming more sophisticated and prevalent, ensuring the security of your organization’s data and systems is of utmost importance. As cyberattacks continue to make headlines, businesses and institutions are increasingly recognizing the value of proactive cybersecurity measures. Among these essential security practices, penetration testing, or pentesting, […]
The purpose of this blog post is to give the reader a brief introduction to the Cyber Kill Chain. The Cyber Kill Chain is a seven-step model that outlines the stages of a typical cyber attack. Developed by Lockheed Martin, the Cyber Kill Chain is used by organizations to understand the various stages of a […]
Penetration Testing vs Red Team Engagement: Understanding the Differences. When it comes to evaluating the security of a computer system or network, there are two common approaches: penetration testing and red team engagements. While these two terms are often used interchangeably, they are different in their objectives, scope, and methods. Penetration Testing: A penetration test […]