contact us see demo

White Papers

RS³ – RiskSense Security Score

The RiskSense platform ingests information from internal security intelligence (primarily vulnerability scanners), external threat data feeds, and business criticality data; all of this data is then aggregated and analyzed in order to calculate the RiskSense Security Score (RS³).

Download

Selecting a Threat and Vulnerability Management Solution

Risk is managed through the evaluation and reduction of its primary components, threats, and vulnerabilities. Probabilities of likelihood and occurrence are applied, along with understanding both hard and soft values of assets and the costs of prevention investments in people, processes, and tools versus the cost of post-breach remediation, mitigation, and cleanup activities.

Download

Election System Security Under Scrutiny

States are trying to determine the right balance between securing systems that are vulnerable to hacking, and those that are most vital to a secure and trustworthy election. It’s true that internet-connected systems, such as online voter registration tools and election night reporting systems, have a greater attack surface potential. However, it’s not until an end-to-end election system assessment is done that the true priority of vulnerabilities can be determined.

Download

KOADIC – COM Command and Control: A Post-Exploitation Tool

RiskSense is a cybersecurity company that specializes in penetration testing and real-time vulnerability management. RiskSense’s penetration test methodology uses an end-to-end risk demonstration approach where exploitation and post-exploitation of vulnerable hosts is used to identify the business-level impact of cyber-vulnerability across an organization’s infrastructure.

Download

DABomb – RiskSense’s Automated Exploitation Framework

RiskSense Attack Surface Validation helps identify and prioritize threats, providing clients with immediate results and allowing them to secure their business and assets. RiskSense’s services are geared to identify potential attack paths where layered vulnerabilities across diverse technologies allows for progressive business exposure.

Download

EternalBlue: Exploit Analysis and Port to Microsoft Windows 10

On April 14, 2017, the Shadow Brokers Group released the FUZZBUNCH framework, an exploitation toolkit for Microsoft Windows. The framework included ETERNALBLUE, a remote kernel exploit originally targeting the Server Message Block (SMB) service on older versions of Microsoft Windows. RiskSense analyzes the root cause vulnerability and requirements needed to port the exploit to the modern Microsoft Windows 10. RiskSense identifies the essential parts of the exploit and removes the DOUBLEPULSAR dependency, defeating detection rules previously recommended by numerous governments and antivirus vendors. This analysis helps defenders better understand the exploit chain so that they can build generic defenses for the exploit rather than the payload.

Download

Visualization Techniques for Efficient Malware Detection

Traditional tools for reverse engineering of binary and portable executable files are limited to heavy text-based output, thus requiring skilled analysts to use them. In this white paper, RiskSense cyber security experts share hands-on advice on techniques that will visualize portable executable files, which will help security analysts with basic skills to quickly understand their underlying structure.

Download
Time to Change: Changing Digital Distribution Demands

Time to Change: Changing Digital Distribution Demands

Last year saw an unprecedented, tectonic shift in our increasingly cyber-dependent world. From the major hacks including Equifax to nation-state sponsored attacks, the risks associated with cyber threats have only escalated. The question now is, if the security in place last year did not stop the attacks, how will it stop them this year? Can organizations truly build a defensive shield big enough and strong enough to ensure protection? Is “Cyber Security” an achievable status and when can you concluded your lottery has reached it?

Download

Cyber Risk Management: A New Approach to Responding to Complex Threats

Over the last few years, cyber threats have emerged as one of the most significant business risks facing organizations. While companies spend huge sums of money every year to maintain a security perimeter designed to fend off cyber and insider threats, daily reports of new data breaches are raising doubts about the effectiveness of these investments. This white paper features research from Forrester, as it relates to the top security technology trends to watch in 2018.

Download

Operationalizing Cyber Risk: How to Ensure Security is Aligned with the Business

Organizations will spend $92 billion on perimeter defenses this year, yet we will continue to see a growing list of high profile organizations breached. Why are today’s strategies so ineffective against ever-evolving adversaries? And what can security leaders do to ensure that their defenses are in lockstep with what matters most to their core business? This ISMG interview transcript with Dr. Srinivas Mukkamala showcases his unique perspective on why and how security leaders must shift their thinking from a vulnerability-based security strategy to one that is risk-based and aligned with the business.

Download
Prioritize Your Remediation Across a Growing Attack Surface

RiskSense

contact us at +1 505.217.9422

  • follow us