contact us

Reports

Dark Reality of Open Source thumb

The Dark Reality of Open Source Spotlight Report

Download Now

RT3 – Web and Application Framework Vulnerabilities

Episode 3 of the RiskSense Today podcast. A conversation discussing our latest Spotlight research on Web & Application Framework Vulnerabilities with RiskSense analyst Wade Williamson. See how development framework choices affect your threat exposure.

Download Now

Web and Application Framework Vulnerabilities Spotlight Report

An organization’s software stacks and web-facing applications are some of their most fundamentally important assets – and the most exposed to attack. This Spotlight Report examines popular languages and frameworks to see where vulnerabilities are most common, which vulnerabilities are weaponized the most, how to prioritize vulnerabilities based on real-world context, and more.

Download Now

RT1 – Ransomware in the Spotlight

Curious about Ransomware? Listen to this podcast featuring RiskSense CEO Srinivas Mukkamala as he talks about this epidemic.
– Learn about easy actions you can take today to fight ransomware
– How the risk of business disruption is getting more attention than data breach risk
– Future prediction of legislative changes regarding ransomware disclosure.

Download Now

Thinking Outside the National Vulnerability Database Box

Find out why relying on a single source of the truth is not a good idea. This technical report shows the increased risk that latency in NVD reporting has on scoring vulnerabilities using the Agency-Wide Adaptive Risk Enumeration (AWARE) methodology.

Download Now

Enterprise Ransomware Spotlight Report

This cross-family analysis of enterprise ransomware provides the industry’s most comprehensive analysis to date of how the world’s most destructive malware targets enterprises based on data and trends from the wild. Throughout the analysis we further highlight the vulnerabilities that are trending in real-world attacks based on RiskSense security research.

Download Now

Adobe Spotlight Report

This Spotlight report provides in-depth analysis of vulnerabilities and weaponization patterns across the entire family of Adobe products. By focusing on weaponization, we go beyond simply counting vulnerabilities, and instead reveal how popular software from a leading vendor becomes a beacon for attackers. The report includes more than 20 years of data from 1996 through 2018, allowing us to see long-term trends.

Download Now

Apache Struts Spotlight Report

In this Spotlight report, we analyze Apache Struts-related vulnerability weaponization patterns spanning the last decade. We also provide insight into exploit patterns and explain how these patterns can define an organization’s risk management strategy.

Download Now

KOADIC – COM Command and Control: A Post-Exploitation Tool

RiskSense is a cybersecurity company that specializes in penetration testing and real-time vulnerability management. RiskSense’s penetration test methodology uses an end-to-end risk demonstration approach where exploitation and post-exploitation of vulnerable hosts is used to identify the business-level impact of cyber-vulnerability across an organization’s infrastructure.

Download Now

DABomb – RiskSense’s Automated Exploitation Framework

RiskSense Attack Surface Validation helps identify and prioritize threats, providing clients with immediate results and allowing them to secure their business and assets. RiskSense’s services are geared to identify potential attack paths where layered vulnerabilities across diverse technologies allows for progressive business exposure.

Download Now

EternalBlue: Exploit Analysis and Port to Microsoft Windows 10

On April 14, 2017, the Shadow Brokers Group released the FUZZBUNCH framework, an exploitation toolkit for Microsoft Windows. The framework included ETERNALBLUE, a remote kernel exploit originally targeting the Server Message Block (SMB) service on older versions of Microsoft Windows. RiskSense analyzes the root cause vulnerability and requirements needed to port the exploit to the modern Microsoft Windows 10. RiskSense identifies the essential parts of the exploit and removes the DOUBLEPULSAR dependency, defeating detection rules previously recommended by numerous governments and antivirus vendors. This analysis helps defenders better understand the exploit chain so that they can build generic defenses for the exploit rather than the payload.

Download Now