Cyberis offers a wide range of technical assurance services which can help you and your business achieve information security objectives. From Cyber Essentials assessments to in-depth advanced targeted attacks, Cyberis can provide the technical security knowledge and industry experience to identify and manage technical risks before these become a threat to your organisation.
All of our technical assurance offerings can be combined and tailored to your specific organisational or project requirements.
The Cyberis Incident Response Team (IRT) can be deployed to provide expert consulting and technical advice to help you manage a security incident from the initial detection to closure.
The Cyberis IRT will help you manage an entire incident, from a simple breach of policy to an estate-wide compromise, or work to the methodology within your organisation's incident response plan and as a colleague within your own incident response team.
At Cyberis, we believe in providing solutions to information security problems.
Drawing on years of experience within the information security arena, Cyberis has developed a number of solutions which will help our clients manage their risk and address common information security problems. We share many of our tools with the community via GitHub and our blog.
Our research is shared with vendors and trusted community groups such as ISSA, Security Research Information Exchange and CISP.
Cyberis is an innovative information security consultancy which was formed in 2011. Cyberis' founders have 30 years of experience between them working in the information security industry and are able to call upon a wide range of skills and abilities.
If you manage Microsoft Exchange and OWA in your environment and you are undergoing an external penetration test or Cyber Essentials assessment, you will often be faced with the Client Access Server Information Disclosure vulnerability identified by Nessus (https://www.tenable.com/plugins/nessus/77026) or other vulnerability scanners.
I find myself writing this blog today as there are only a few references on the internet to user enumeration attacks via timing discrepancies, despite almost every site I've tested in my career being vulnerable to the weakness.
The issue is fairly obvious from the title; an application log-in response takes differing amount of times depending on whether or not the user is valid. But why?
This is a technical blog post on using trusted online services as a delivery and command and control (C2) channels in simulated attack scenarios. Written by Geoff Jones - Director and Simulated Attack Specialist at Cyberis.
Larger organisations often employ reputational filtering of web traffic to defend against delivery of malicious code and the exfiltration of data if a compromise were ever to occur. It's an effective control provided by many next-generation firewalls and web proxies, including newer cloud-based solutions such as Zscaler.
| Email: | info@cyberis.co.uk |
| Tel (National): | +44 3333 444 800 |
| Tel (Tewkesbury): | +44 1684 530 000 |
| Fax: | +44 3333 444 801 |
| Address |
Cyberis Limited Unit E The Courtyard Tewkesbury Business Park Tewkesbury Gloucestershire GL20 8GD |