Super Tanks lightweight threat model by 7ASecurity

7ASecurity publishes a lightweight threat model for Super Tanks, highlighting its defense-in-depth AI-agent governance architecture and practical hardening guidance for safer autonomous-agent operations.

P2PE vs E2EE: Stop Guessing and Start Securing Your App

P2PE vs E2EE compares two different encryption models. P2PE protects payment card data from the point of interaction to a secure decryption environment. E2EE protects content between communicating endpoints so intermediaries mustn’t read the plaintext. One isn’t universally better. The right model depends on the data flow, endpoint trust, key handling, compliance context, and where …

PCI Vulnerability Management: Find, Fix, Verify Cyber Risks

PCI vulnerability management is the process of finding, prioritising, fixing, and verifying weaknesses that affect payment environments. It supports PCI DSS v4.0.1, but it requires more than a scan schedule. Teams need asset scope, recurring scans, penetration testing, remediation ownership, and fix verification. Patching is only part of the answer. Teams need proof that the …

KEDA audit by 7ASecurity

7ASecurity shares results of a KEDA security audit: 15 security-impact findings (4 high), 5 hardening recommendations, SLSA supply-chain review, and future security guidance.

The Security Guide To WebDAV Servers And Exposed Methods

What Is a WebDAV Server? How It Works, Use Cases, and Security Risks A WebDAV server lets users access and manage files over HTTP or HTTPS. It supports remote workflows such as document editing, collaboration, and legacy publishing. Now, WebDAV isn’t automatically unsafe. It becomes a risk when exposed methods, weak authentication, broad permissions, or …

Iframe XSS: postMessage, CSP, Sandboxing, & Clickjacking

Iframe XSS Explained: Trust Boundaries, Messages, and Embedded Content Iframe XSS isn’t one single bug class. It can refer to XSS inside framed content, unsafe srcdoc, user-controlled iframe sources, weak postMessage handling, over-trusted widgets, or parent pages that trust child frames too much. The fix starts with trust boundaries: control iframe sources, sandbox untrusted content, …

Diamond Ticket vs Golden Ticket: Why Your SOC is Blind

A Diamond Ticket attack is a parasitic cryptographic forgery. It hijacks a legitimate Windows authentication flow. This grants an attacker stealthy, long-term access to your network. Unlike Golden Tickets, which are built from scratch and easily flagged by missing request logs, or Silver Tickets, which are limited to specific services, a Diamond Ticket modifies a …

We Audited Legacy WMIC Commands (Our Defensive Guide)

The removal of WMIC commands changes how you manage Windows, but the underlying security risks haven't gone away. While Microsoft has retired the old wmic.exe tool, the WMI system itself remains a primary target for fileless attacks and stealthy persistence. This guide provides essential translations to migrate your legacy WMIC tasks to secure PowerShell CIM …

Your Guide to Finding and Protecting the NTDS.dit Location

The NTDS.dit location is the primary target for any hacker looking to take total control of your organisation. This file is the central database for Active Directory. It contains every user account, group membership, and the encrypted password hashes for your entire domain. While the default file path (C:\Windows\NTDS\ntds.dit) is well-known, modern threat actors use …

Stop Hackers Abusing AD Explorer in Your Corporate Network

AD Explorer is an advanced admin tool used to manage and fix Active Directory databases. Yet, its powerful snapshot feature also helps attackers download your entire directory structure to analyse offline. Once the directory is extracted, hackers feed this data into graph tools like BloodHound to map paths to Domain Admin without triggering network alarms. …