A CISO’s Guide To Penetration Tests

Penetration testing (PT) has benefitted organisations for years. The increase in supply and demand of this is driven by a number of factors, including the sophistication of cyberattacks, and the volume and complexity of data.
Can Low Code-No Code and Security go together?

Low-Code No-Code (LCNC) platforms provide a graphical user interface (GUI) that allows users to create custom applications without the need to write code. These popular platforms contain pre-built templates, components, plugins, and themes to expedite the development process and cut costs.
Buhti Ransomware

On Feb 15, 2023, the OP Innovate incident response team responded to multiple ransom attacks being carried out simultaneously on US companies. Some were perpetrated by a new group named “Buhti”.
Broken Access Control in REST APIs – Shields Up 🛡️ !

Unfortunately, I have a long relationship with Broken Access Control (BAC) in most of its forms. As a research leader, I often encounter critical security flaws that have one thing in common – they are all the result of a bad access control design.
“Are you using Slack, WhatsApp, Telegram or other DM apps for work? congrats you are in a critical cyber risk”

As technology advances, we tend to think that advances in security should run in parallel. This is only partly true. End to-end encryption is now standard in instant messaging chats.
How I found a CVE in a 4 milion (!) active users of WordFence

One of our goals at OP Innovate is to protect our clients and partners at all times. During a recent penetration testing engagement, the testing scope included a WordPress website.
Under the hood of a Smishing campaign

Earlier today our OP Innovate research team received yet another Smishing attempt asking them to provide credit card details
The Art of the Red Team

This article pulls together some of the tactics and techniques used by OP Innovate researchers during a red team exercise. Please note, tools, tactics and techniques are described below for educational purposes only!
Email-based attacks in the COVID-19 era

Since life in the shadow of the Covid-19 pandemic became “new normal”, we at OP Innovate have seen an excess of business email compromises (BEC) incidents.
N3tw0rm IOCs

A new ransomware attack group called N3tw0rm is claiming to have penetrated the network of several Israeli companies included Veritas, an international shipping and logistics company