Tenable ブログ
CVE-2025-64446: Fortinet FortiWeb Zero-Day Path Traversal Vulnerability Exploited in the Wild
Passive DNS Is the Wrong Way To Do Attack Surface Mapping
When identifying a corporate attack surface, passive DNS can be useful but it won’t be comprehensive by itself, so it should be part of a more holistic program.
Do Not Take an IP-centric Approach to Attack Surface Mapping
Relying on IP data to identify assets means you're likely missing critical information needed to map your attack surface.
Active Directory のプライマリグループ ID 攻撃: 関連する脅威をどう防御するか
The Primary Group ID in Active Directory, created to help manage access to sensitive resources, has become a critical vulnerability that attackers can exploit to escalate privileges without leaving a trace.The Primary Group ID in Active Directory was originally developed to support the UNIX POSIX…
Active Directory の Kerberos 認証前攻撃を阻止する方法
Here’s a look at how to safeguard your Active Directory from the known roasting attack on Kerberos Pre-Authentication.As part of the Kerberos authentication process in Active Directory, there is an initial request to authenticate without a password. This is an artifact left over from Kerberos…
High-Fidelity Attack Surface Mapping
Eliminate blind spots and hinder attackers using these three tips to create a high-fidelity map of your organization’s entire attack surface.
The ABCs of Azure Identity Governance Tools
Discover the main Azure mechanisms for governing identities and providing access permissions.
NetFlow is the Wrong Way to Do Attack Surface Mapping
If your organization relies on NetFlow data for asset management, you're likely overlooking vital information to map your attack surface.
Crawling Is the Wrong Way To Do Attack Surface Mapping
When analyzing methods to identify assets, crawling should be one tool in the toolbox, but not the only one. If you use crawling exclusively, you’ll likely miss a lot of assets.
AWS’s Access Analyzer Preview Access is Great — But Is It Enough?
Learn the ins and outs of the preview access capability in Access Analyzer.
営業チームに問い合わせる