maldevel ☣

26.9K posts

@maldevel

code, pentest, redteam, research

Greece · Joined September 2009
651 Following · 8.3K Followers
maldevel ☣ retweeted
Logisek @logisekict ·
The 3rd and final day of Beyond Expo 2026 begins! We look forward to seeing you all today, 10:00 a.m. – 7:00 p.m., at HALL 3 | Stand E14, to talk in person about Offensive Security and the current challenges in cybersecurity.

A big thank you to everyone who visited us over the previous two days: customers, partners and new connections. It was our pleasure to exchange ideas, needs and prospects for collaboration.

#BeyondExpo2026 #OffensiveSecurity #Cybersecurity #InfoSec #BeyondExpo #RedTeam #OffSec #PenTest #Logisek
0
1
1
108
maldevel ☣ retweeted
Logisek @logisekict ·
#LOGISEK is taking part in BEYOND 2026, the International Exhibition of Technology and Innovation.

Metropolitan Expo Athens
17-19 June 2026
10:00 a.m. - 7:00 p.m.
HALL 3 | Stand E14

We look forward to seeing you!

#Βeyond2026 #Logisek #BEYONDExpo2026 #Cybersecurity #OffensiveSecurity #Redteam #Innovation #Technology #Software #DigitalTransformation #BusinessSoftware #Networking #GreeceInnovation
0
1
1
105
maldevel ☣ retweeted
Logisek @logisekict ·
The #Workstation Behind the Crown Jewel

Most #OT #security conversations start with the PLC. That makes sense, but attackers often ask a different question: "Which system already has the tools, trust, and context to control it?"

The most revealing system is often not the controller. It is the #engineering workstation sitting quietly beside it, holding the logic, tools, and access everyone trusts.

---

The Trusted #Bridge Attackers Want

In many #industrial environments, the engineering workstation is not just another endpoint. It is the system used to configure, troubleshoot, maintain, and program controllers. It may contain project files, vendor software, saved connection profiles, historical backups, controller logic, USB workflows, license tools, and privileged access into sensitive OT networks.

In practical terms, compromising the system that programs the #controller can be more dangerous than attacking the controller directly.

---

Why Context Beats #Exploitation

If attackers compromise an engineering workstation, they may be able to open a legitimate vendor application, load an existing project, connect through saved settings, and follow normal maintenance workflows. That gives them three things defenders should care deeply about: context, tooling, and trust.

Project files can reveal logic, tag structures, IP addresses, device names, process assumptions, safety interlocks, and network paths. Saved credentials and shared engineering accounts can reduce the need for exploitation. USB workflows and vendor support access can create quiet movement paths between IT, vendors, and OT.

---

What Safe #Offensive #Testing Should Prove

A strong engineering workstation assessment does not need to disrupt #production or modify live controller logic. It should safely answer questions like:
- Can non-engineering users access project files?
- Are credentials stored in vendor tools or remote clients?
- Are shared accounts still active?
- Can the workstation reach controllers, HMIs, historians, or license servers?
- Are engineering actions visible in logs and change-control workflows?

The goal is not reckless exploitation. The goal is attack-path clarity.
- Instead of only asking, "Can someone exploit the PLC?"
- Ask, "What could an attacker do if they compromised the workstation used to program the PLC?"

- logisek.com

#CyberSecurity #RedTeam #PenTest #InfoSec #OffSec #OTSecurity #IndustrialCybersecurity #SecurityMindset #OffensiveSecurity #Logisek
1
1
1
142
maldevel ☣ retweeted
Logisek @logisekict ·
#Finding Is Not the Finish Line

In #OT #offensive #security, proving a weakness exists is only the beginning. The real value starts when that finding is translated into what it could mean for production, safety, uptime, and recovery.

Your OT risk register should not be a list of vulnerabilities. It should be a map of operational consequences.

---

#Consequence Beats Severity

In IT, criticality often follows exploitability, privilege escalation, or data exposure. In OT and #SCADA environments, the impact picture is different.

A "medium" issue can become a serious operational risk if it affects production visibility, remote maintenance, batch control, safety monitoring, or recovery. CVSS alone cannot explain whether a weakness could delay operations, confuse operators, or disrupt trusted workflows.

---

#Attack #Paths Need Business Context

Weak credentials, exposed interfaces, poor segmentation, and limited monitoring may look like separate findings. Together, they can form a realistic path from initial access to operational disruption.

That is why business context matters. A finding becomes meaningful when it is tied to the workflow, asset, or operational dependency it could impact. Could this path affect operator visibility? Could it delay maintenance? Could it interfere with recovery? Could it create confusion during a production window?

---

The Best Deliverable Is a #Roadmap

Strong OT #consulting helps teams decide what to fix now, what needs a maintenance window, what requires compensating controls, and what belongs in a longer-term resilience plan.

In OT security, the best question is not "What did we find?" It is: "What should we do next, and why?"

- logisek.com

#CyberSecurity #RedTeam #PenTest #InfoSec #OffSec #OTSecurity #SCADA #IndustrialCybersecurity #SecurityMindset #Logisek
0
1
1
119
maldevel ☣ retweeted
Logisek @logisekict ·
Controls Fail Where #Assumptions Begin

A security control only matters if it holds when an attacker follows the path everyone believed they would never find. That is where real maturity is proven.

Most organizations have the right security technologies somewhere in the stack: #PAM, segmentation, monitoring, #EDR, #SIEM, access reviews, response playbooks. But attackers do not move through #architecture diagrams. They move through trust relationships, stale credentials, #vendor access, over-permissioned accounts, and operational shortcuts. One exposed third-party credential can be enough to test the whole model.

---

When "Contained" Is Only a Belief

On paper, #segmentation may look strong. PAM may appear to protect privilege. Monitoring may show coverage. Response teams may have documented escalation paths. But the real question is not whether these controls exist.

If a compromised vendor credential reaches a poorly configured PAM environment, and privileged access is broader than expected, lateral movement quickly exposes the difference between control ownership and control effectiveness.

---

#RedTeaming Tests the Assumption Layer

Red teaming and #adversary #simulation show whether identity controls, segmentation, detection logic, and response processes work under pressure. They also reveal the weak joins between systems, teams, vendors, and business processes.

Do not only validate that controls are deployed. Validate that they hold when chained together in the way an attacker would actually use them.

- logisek.com

#CyberSecurity #RedTeam #PenTest #InfoSec #OffSec #SecurityMindset #OffensiveSecurity #AdversarySimulation #IdentitySecurity #Logisek
0
1
1
130
maldevel ☣ retweeted
Logisek @logisekict ·
25 Years of #Cybersecurity: From Y2K to AI

For 25 years, @netweek_gr has been following the evolution of cybersecurity, from the uncertainty of Y2K to today’s AI-driven threat landscape. The new issue looks back at a quarter century of constant change, growing risks, and the technologies that shaped the way organizations defend their digital assets.

The feature highlights how cybersecurity has transformed from a niche technical concern into a strategic priority for every business. It also explores the challenges ahead, from ransomware and cloud security to artificial intelligence and the next generation of cyber threats.

We invite you to read the new issue of netweek and discover this special tribute to 25 years of cybersecurity, sponsored by @logisekict.

- issuu.com/boussiasmedia/…

#Logisek #Netweek #Cybersecurity #CyberSecurityAwareness #AIsecurity #CyberThreats #InfoSec #DigitalSecurity #CyberDefense #Ransomware #CloudSecurity #Technology #SecurityAwareness
0
1
1
75
maldevel ☣ retweeted
Logisek @logisekict ·
Offense Matured First

In the new issue of @netweek_gr, Thanasis Karpouzas discusses how offensive security has evolved over the last 25 years.

From exposed servers, SQL Injection and perimeter-based security, to cloud, SaaS, APIs, identity attacks and AI-assisted threats, the article highlights a key reality: security is no longer only about the perimeter. It is about continuously testing real attack paths, validating controls, and turning findings into meaningful action.

The piece explains why modern offensive security must go beyond assumptions and checklists. Today, organizations need practical evidence, clear reporting, continuous validation and collaboration between red teams, blue teams and business stakeholders.

We invite you to read the new issue of netweek and explore how controlled #OffensiveSecurity helps organizations understand exposure, improve resilience and prepare for the threats of tomorrow.

- issuu.com/boussiasmedia/…

#Logisek #Netweek #OffensiveSecurity #Cybersecurity #PenetrationTesting #RedTeam #SecurityTesting #AttackSurface #CloudSecurity #IdentitySecurity #APIsecurity #InfoSec #AIsecurity
0
1
1
101
maldevel ☣ retweeted
Logisek @logisekict ·
#Cloud #Security Must Be Proven

Cloud adoption has moved faster than cloud assurance. An environment is not secure because it is live, documented, or approved. It is secure only when someone has challenged how it can fail.

A forgotten access key, an exposed storage bucket, a permissive IAM role, or an open management port can become the beginning of a serious compromise.

---

Across #cloud #configuration #reviews and #penetration #tests, the same patterns appear again and again:
- Overly permissive IAM with wildcard access.
- Public buckets, blobs, snapshots, and backups.
- Management ports, databases, and Kubernetes APIs exposed too broadly.
- Long-lived secrets in repositories, pipelines, or developer machines.
- Weak logging that confirms the breach only after the damage is done.

Cloud security cannot stop at configuration checklists. Reviews help identify what is obvious. Cloud penetration testing validates what is dangerous.

---

The #Defensive #Mindset
- Continuously review IAM.
- Enforce least privilege.
- Remove public exposure by default.
- Rotate and monitor secrets.
- Test cloud attack paths.
- Validate logging, detection, and response.

Cloud security is about proving what your environment can withstand, not assuming it is safe because it supports the business every day. The real risk often lives in the areas we did not have time to challenge, question, or test deeply enough while focused on keeping critical operations running.

logisek.com

#CyberSecurity #CloudSecurity #PenetrationTesting #RedTeam #InfoSec #OffSec #IAMSecurity #DevSecOps #Logisek
0
1
2
163
maldevel ☣ retweeted
Logisek @logisekict ·
Network First, Testing Second

In #OT and #SCADA #security, the first #offensive move should not be a scan. It should be understanding what the network is quietly telling you.

The Real Risk Is in the #Architecture

One of the biggest mistakes in OT security is treating industrial environments like IT networks with unfamiliar protocols. They are not.

A #PLC, #HMI, #historian, engineering workstation, vendor #VPN, jump host, or backup server may not just be another asset. It may be part of a production process, a fragile legacy dependency, or a trusted pathway into critical operations.

---

#Asset #Inventory Is Offensive Security

A meaningful OT #assessment starts with knowing what exists. Not an outdated spreadsheet, but a real view of assets, communication flows, network devices, remote access points, firewall rules, and trust relationships.

In OT, the attack path is often hidden in the architecture: a flat route between zones, vendor access landing too deep, engineering tools reaching too many PLC networks, or backups exposing project files and process context.

---

#Passive #Discovery Before Aggressive Testing

Listening to traffic, reviewing configurations, mapping conduits, validating asset lists, and understanding normal behavior should come before noisy testing.

Once the map is built, the right questions become sharper: Can IT reach OT through an approved path? Can vendor access bypass monitoring? Can the SOC detect suspicious activity around historians, jump hosts, or engineering workstations?

---

Real OT offensive security is not about proving a controller can be disrupted. It is about understanding the environment deeply enough to identify paths that could become operational risk.

You cannot protect what you cannot see. You also cannot safely test what you do not understand.

- logisek.com

#CyberSecurity #RedTeam #PenTest #InfoSec #OffSec #OTSecurity #SCADA #SecurityMindset #OffensiveSecurity #Logisek
0
1
1
194
maldevel ☣ retweeted
Logisek @logisekict ·
#OT #Security Should Not Break #Operations

In OT and #SCADA environments, a #security assessment should reduce risk, not create it. If testing disrupts production, safety, or process stability, the assessment has already failed.

Your OT security program should not be judged by how many vulnerabilities it finds. It should be judged by how safely it identifies the risks that could stop operations.

---

Why OT Requires a #Different #Mindset

#Industrial environments are not traditional IT networks with different labels. Availability, safety, continuity, and operational stability are core requirements. That means aggressive penetration testing against production PLCs, controllers, or critical assets should never be the default starting point.

The objective is not to "break" the environment. The objective is to understand realistic cyber risk without putting operations at risk.

---

The Three Questions That Matter

A strong OT #security #assessment should answer three practical questions:
- Who can access the OT environment?
- Where could an attacker enter from?
- If they get in, how far could they move before being detected?

To answer those questions, the assessment must look beyond the PLC. The real risk often sits around the industrial ecosystem: SCADA systems, OT networks, engineering workstations, historians, VPNs, remote access tools, vendor accounts, SaaS integrations, cloud connections, exposed services, credentials, and operational processes.

---

⚠️ Risk Often Starts Outside the Controller

In many environments, the highest-risk issue is not inside the controller itself. It may be weak remote access, poor IT/OT segmentation, excessive vendor privileges, shared credentials, unmanaged cloud integrations, or limited monitoring between enterprise and operational networks.

That is why a safe assessment starts with architecture, access paths, trust relationships, and realistic attack routes from IT, cloud, remote access, and third parties toward OT systems.

---

Test Safely, Remediate Practically

Testing may include external attack surface review, SaaS and API penetration testing, segmentation validation, remote access review, and controlled internal attack path analysis.

For #PLCs and critical OT assets, testing should remain OT-safe: passive discovery, configuration review, and non-intrusive validation unless there is approved scope, a maintenance window, rollback plan, or lab environment.

The final output should not be a vulnerability dump. It should be a remediation roadmap: what to fix first, what needs planning, what involves vendors, and what belongs in the next 30, 60, and 90 days.

OT security is not about proving systems can be broken. It is about reducing risk while protecting operations.

- logisek.com

#CyberSecurity #RedTeam #PenTest #InfoSec #OffSec #OTSecurity #SCADA #SecurityMindset #OffensiveSecurity #Logisek
0
1
1
155
maldevel ☣ retweeted
Logisek @logisekict ·
Time-to-Compromise Wins Every Time

Most organizations track visibility. Attackers track velocity. That difference is why many environments are compromised long before defenders fully understand what’s happening.

Most security metrics reassure executives while attackers continue moving uninterrupted inside the environment. Visibility without resistance creates a dangerous false sense of maturity.

---

The Illusion of #Coverage

Security programs often measure success through telemetry:
- More EDR coverage
- More alerts
- More dashboards
- More logs

But #attackers care about one metric only: "How quickly can we reach the objective?"

---

⚡ Modern #Intrusions Are Systematic

Post-exploitation is no longer experimental. Attack paths are predictable because enterprise architectures are predictable. Once initial access is achieved, the progression is usually efficient:
- Enumerate Active Directory and reachable systems
- Harvest credentials and tickets
- Reuse identity trust paths
- Move laterally through legitimate protocols
- Escalate privileges through delegation and ACL abuse

---

#Detection Is Happening Too Late

During #RedTeam engagements, one pattern appears repeatedly:
- Detection eventually occurs.
- Containment rarely occurs in time.

By the time alerts trigger on credential dumping or suspicious authentication behavior, attackers have often already:
- Expanded access
- Established persistence
- Reached critical systems

---

🛡️ #Security Must Buy Time

Mature security programs are engineered to slow attackers down.
- Segmentation reduces lateral movement speed
- Credential protections limit privilege reuse
- Detection engineering correlates behavioral chains, not isolated events
- Identity hardening breaks deterministic attack paths

- logisek.com

#CyberSecurity #RedTeam #PenTest #InfoSec #OffSec #SecurityEngineering #DetectionEngineering #SecurityMindset #OffensiveSecurity #Logisek
1
1
1
176
maldevel ☣ retweeted
Logisek @logisekict ·
#Smishing Starts With Trust

The most dangerous scams do not always look #suspicious. Sometimes, they arrive as a simple text message from a name you already trust.

Your employees do not need to fall for a complex #exploit to create business risk. Sometimes, one convincing SMS is enough to start an account takeover.

---

The #Trap Behind a "Legitimate" #SMS

You receive a message from your bank, a delivery company, a phone provider, or a familiar online service. It says your account is locked, your package is delayed, your payment failed, or suspicious activity was detected. The message feels urgent. The link looks close enough. The request sounds routine. That is smishing.

Smishing is #phishing through SMS, and it works because attackers understand human behavior as well as technology. They use timing, fear, curiosity, and trust to push people into acting before they verify.

---

🔗 The Link Is Only Part of the #Attack

A smishing message often asks you to "verify your account", "confirm your delivery address", "pay a small fee", "reset your password", "approve a transaction", or "enter your one-time passcode". None of these requests feel unusual in isolation. That is the problem.

If the message matches something happening in your life, such as waiting for a parcel or receiving a bank alert, your guard drops. Attackers rely on that moment of context to make the scam feel real.

---

Slow Down, Then Verify

The strongest #defense is not panic. It is pause. Do not click links in unexpected SMS messages. Do not call numbers provided in suspicious texts. Do not enter passwords, card details, addresses, or one-time codes through a link sent by SMS.

Instead, open the #official app, type the website yourself, or call the number printed on your card or statement. If the message is #fake, delete it, block the sender, report it where possible, and warn others.

A short text can create urgency in seconds. A short pause can stop account takeover, fraud, and identity theft.

- logisek.com

#CyberSecurity #Smishing #Phishing #InfoSec #PenTest #RedTeam #OffSec #SecurityMindset #OffensiveSecurity #Logisek
0
1
1
121
maldevel ☣ retweeted
Logisek @logisekict ·
The Privilege Problem

Most breaches don’t become critical because of the initial compromise. They become critical because of what the attacker is allowed to do next.

---

#Privilege Changes Everything

In many #RedTeam and #PenetrationTesting engagements, low-privileged access is only the beginning. The real objective is understanding how permissions, trust relationships, and delegated access can be chained together.

And surprisingly, these paths rarely depend on sophisticated exploits. They emerge naturally over time. Access expands. Legacy permissions remain. Temporary exceptions become permanent architecture.

Individually, none of these decisions appear dangerous. Collectively, they create invisible escalation paths across the environment.

---

#Abuse Over #Exploitation

One of the hardest realities in modern security is this: #Attackers often do not need to exploit vulnerabilities at all. They simply operate within legitimate mechanisms:
- Authentication workflows
- Delegation models
- Misaligned access controls
- Trusted relationships between systems

From the infrastructure’s perspective, everything looks normal. From the attacker’s perspective, it’s a roadmap.

---

⚙️ Least Privilege Is Not #Static

Least privilege is not a one-time configuration exercise. It requires continuous validation. Organizations that genuinely reduce risk are the ones that continuously test privilege boundaries, review delegated access, and identify escalation chains before adversaries do.

Because the real question is not: "Who has access?" It’s: "What can that access become?"

- logisek.com

#CyberSecurity #InfoSec #OffSec #RedTeam #PenTest #PrivilegeEscalation #SecurityArchitecture #SecurityMindset #OffensiveSecurity #Logisek
0
1
1
148
maldevel ☣ retweeted
Logisek @logisekict ·
🎭 The #Attack With a Real Login Page

This technique is called #device code phishing, or OAuth device code flow abuse. It abuses the #OAuth 2.0 device authorization grant, originally designed for devices with limited input, like smart TVs, IoT devices, and CLI tools. The device shows a code, the user visits a verification URL, enters the code, and authenticates the device. Microsoft implements this at microsoft.com/devicelogin.

Attackers weaponize that trust. They initiate a legitimate device code request against Microsoft’s identity platform, often impersonating apps like Microsoft Office, Teams, or Azure CLI. Microsoft returns a real code, usually valid for around 15 minutes. The victim is then asked to "verify their identity" or "join a Teams meeting" by entering that code on Microsoft’s real login page.

---

🧨 Why #MFA Still Passed

When the user completes the flow, they are not logging into their own session. They are authorizing the attacker’s session. #Microsoft then issues access and refresh tokens to the attacker-controlled polling endpoint. Those tokens can provide access to mailboxes, SharePoint, Teams, and federated apps.

MFA passes because the user genuinely authenticated. Conditional Access may pass because the interaction appears to come from the user’s real device and location. Anti-phishing training fails because there is no fake domain to spot.

Microsoft has reported active device code phishing campaigns by Storm-2372, a threat actor assessed as likely aligned with Russian interests, active since August 2024 and observed targeting organizations through 2025.

---

🛡️ The Fix Is #Configuration, Not More Posters

Block device code flow by default in Entra ID using Conditional Access authentication flow controls. Allow it only for specific users, apps, or scenarios that truly need it, such as kiosks or legacy CLI workflows.

Then alert on every successful device code authentication. In most environments, this should be rare, predictable, and easy to investigate.

- logisek.com

#CyberSecurity #RedTeam #PenTest #InfoSec #OffSec #SecurityMindset #OffensiveSecurity #CloudSecurity #IdentitySecurity #Logisek
0
2
2
265
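The "alert on every successful device code authentication" step from the post above, as an added example that is not part of the original post or Logisek's code: it triages constructed Entra ID sign-in records and also picks up later token use that traces back to a device code session. The field names (authenticationProtocol, originalTransferMethod, status.errorCode) are assumed to match the Microsoft Graph sign-in log schema, and the allowlist, users and IP addresses are hypothetical.

```python
import json
from dataclasses import dataclass

# Hypothetical allowlist: the only (user, app) pairs permitted to use device code flow.
ALLOWED = {("buildagent@example.com", "Microsoft Azure CLI")}

# Constructed sample records shaped like exported Entra ID sign-in log entries.
# Field names are an assumption about the Graph signIn schema; check your own export.
SAMPLE_SIGNINS = json.loads("""
[
  {"createdDateTime": "2025-01-10T09:15:00Z", "userPrincipalName": "alice@example.com",
   "appDisplayName": "Microsoft Office", "ipAddress": "203.0.113.40",
   "authenticationProtocol": "deviceCode", "originalTransferMethod": "deviceCodeFlow",
   "status": {"errorCode": 0}},
  {"createdDateTime": "2025-01-10T08:00:00Z", "userPrincipalName": "BuildAgent@example.com",
   "appDisplayName": "Microsoft Azure CLI", "ipAddress": "198.51.100.7",
   "authenticationProtocol": "deviceCode", "originalTransferMethod": "deviceCodeFlow",
   "status": {"errorCode": 0}},
  {"createdDateTime": "2025-01-10T09:40:00Z", "userPrincipalName": "alice@example.com",
   "appDisplayName": "Office 365 Exchange Online", "ipAddress": "203.0.113.40",
   "authenticationProtocol": "none", "originalTransferMethod": "deviceCodeFlow",
   "status": {"errorCode": 0}},
  {"createdDateTime": "2025-01-10T10:05:00Z", "userPrincipalName": "bob@example.com",
   "appDisplayName": "Microsoft Teams", "ipAddress": "203.0.113.41",
   "authenticationProtocol": "deviceCode", "originalTransferMethod": "deviceCodeFlow",
   "status": {"errorCode": 53003}},
  {"createdDateTime": "2025-01-10T10:30:00Z", "userPrincipalName": "carol@example.com",
   "appDisplayName": "Microsoft Teams", "ipAddress": "198.51.100.9",
   "authenticationProtocol": "none", "originalTransferMethod": "none",
   "status": {"errorCode": 0}}
]
""")


@dataclass(frozen=True)
class Alert:
    when: str
    user: str
    app: str
    ip: str
    kind: str      # "device_code_grant" or "token_from_device_code"
    severity: str  # "info" for allowlisted use, "high" for everything else


def device_code_kind(event):
    """Classify a sign-in record by how it relates to the device code flow."""
    if event.get("authenticationProtocol") == "deviceCode":
        return "device_code_grant"        # the user just approved a device code
    if event.get("originalTransferMethod") == "deviceCodeFlow":
        return "token_from_device_code"   # later token use from such a session
    return None


def triage(events, allowed=ALLOWED):
    """Return (alerts, blocked_count): every successful device code sign-in
    becomes an alert; attempts that did not succeed are only counted."""
    alerts, blocked = [], 0
    # ISO 8601 UTC timestamps in one format sort correctly as strings.
    for ev in sorted(events, key=lambda e: e["createdDateTime"]):
        kind = device_code_kind(ev)
        if kind is None:
            continue
        if ev.get("status", {}).get("errorCode", -1) != 0:
            blocked += 1  # e.g. stopped by a Conditional Access policy
            continue
        user = ev["userPrincipalName"].lower()
        app = ev["appDisplayName"]
        severity = "info" if (user, app) in allowed else "high"
        alerts.append(Alert(ev["createdDateTime"], user, app,
                            ev["ipAddress"], kind, severity))
    return alerts, blocked


if __name__ == "__main__":
    found, blocked_attempts = triage(SAMPLE_SIGNINS)
    for a in found:
        print(f"[{a.severity.upper():4}] {a.when} {a.kind:24} {a.user} -> {a.app} from {a.ip}")
    print(f"device code attempts that did not succeed: {blocked_attempts}")
```

Allowlisted use still produces an "info" alert, so a change in volume stays visible; anything outside the allowlist is "high" because a blocked-by-default policy should have prevented it.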
maldevel ☣ retweeted
Logisek @logisekict ·
#Threats Change. Foundations Don’t.

Every week there’s a new headline. Tomorrow, something else entirely. But here’s the uncomfortable truth: most breaches don’t need new threats, they exploit old, well-known weaknesses that were never properly addressed. AI just makes it faster, attackers move faster, while you keep operating at the same pace.

Instead of reacting to every new name in the threat landscape, take a step back and focus on what actually reduces risk. Perform a pentest now. Identify your real security gaps under realistic conditions. Prioritize and remediate critical and high-risk findings. Follow up with configuration audits and structured security hardening across your infrastructure.

This is how you build confidence in your #defenses, not by chasing headlines, but by systematically eliminating the weaknesses attackers consistently rely on.

---

The #Illusion of "New" Risk

#Attack names evolve faster than defenses. Yet during #RedTeam engagements, we rarely need zero-days. Misconfigurations, weak identity controls, and poor segmentation still open the door. The "new threat" narrative often distracts from the real issue: inconsistent #security fundamentals.

---

#Engineering Over Panic

#Security #engineering isn’t about chasing headlines, it’s about building resilience. Harden your systems. Validate configurations. Test assumptions. A well-executed security assessment or pentest doesn’t just find vulnerabilities, it measures how well your defenses actually hold under pressure.

---

What Actually Works
- Consistent #hardening baselines.
- Regular, realistic #pentests.
- Continuous #validation of controls.

This is where confidence comes from, not from reacting to every new name in the threat landscape.

If lateral movement is nearly eliminated, your external attack surface is minimal, your workstations are hardened with no admin privileges and unknown executables blocked, and your internal network has nothing more than moderate and low findings, does it really matter what the next threat is called?

If you know your systems and understand your threats, you need not fear the outcome of any attack.

- logisek.com

#CyberSecurity #PenTest #RedTeam #InfoSec #OffSec #SecurityEngineering #SecurityMindset #OffensiveSecurity #Logisek
0
1
1
117
maldevel ☣ retweeted
Logisek @logisekict ·
The 3-Letter #Breach Nobody Notices

It doesn’t start with #malware or #phishing. It starts with three innocent letters typed too quickly, a file shared with the wrong person, unnoticed, until months later when the mistake finally surfaces.

---

The Hidden Risk in "gpa*"

During assumed breach exercises and #configuration #audits, we repeatedly uncover a subtle but dangerous pattern in OneDrive and SharePoint. Users often share access by typing just the first 2–3 letters of a name, "gpa*", assuming the right person will be selected. But in environments with similar usernames (e.g., gpappas, gpapadopoulos), access frequently lands in the wrong hands.

---

⚠️ How Mistakes Become Exposure

The error often goes unnoticed. The intended recipient eventually asks for access, and the owner simply adds them, without removing the unintended user. Not out of negligence, but due to time pressure and lack of visibility. Over time, these small oversights compound into silent data exposure.

---

Why This Is a Security Problem

Attackers don’t need to break in when access is already misconfigured, and insider threats thrive in the same gaps. Regular audits, access reviews, and smarter sharing controls are not optional; they are essential. Not surprisingly, during audits, clients are often shocked to discover just how many unintended users have access.

- logisek.com

#CyberSecurity #RedTeam #PenTest #InfoSec #OffSec #IdentitySecurity #Logisek
5
1
3
242
maldevel ☣ retweeted
Logisek @logisekict ·
#Pentesting Beyond the Checkbox

At #Logisek, you’re not paying for a pentest report, you’re investing in understanding how your business could actually be breached. And it doesn’t end with report delivery; our consultants stay with you, helping you understand the findings, prioritize what matters most, and work alongside your IT team, vendors, and partners to navigate the often complex path of remediation.

---

Not a #Game of Flags

In #infrastructure pentesting, we don’t chase trophies or isolated exploits. Whether external or internal, the goal is simple: simulate a real attacker. That means going beyond "one critical finding" and digging into everything, default credentials, exposed admin panels, weak configurations, and overlooked access paths that quietly expand the attack surface.

---

🧭 #Guided, Not Guesswork

Our approach is grounded in proven methodologies: #OWASP Testing Guide, #OSSTMM, #PTES, and #NIST SP 800-115. But frameworks alone aren’t enough. Every engagement includes opportunistic black-box testing of discovered web apps, because attackers don’t ask for architecture diagrams, they adapt to what they find.

---

⚙️ From Access to Impact

Scanning is just the start. #Exploitation, post-exploitation, and pivoting reveal the real story. Can a low-privileged foothold become domain admin? Can one misconfiguration cascade into full compromise? That’s the difference between a report and a realistic risk assessment.

---

#Security Is Depth, Not Speed

Time is always limited, but depth shouldn’t be. The value of a pentest lies in how closely it mirrors real-world adversaries.

- logisek.com

#CyberSecurity #PenTest #RedTeam #InfoSec #OffSec #SecurityMindset #OffensiveSecurity #Logisek
0
1
1
186
maldevel ☣ retweeted
Logisek @logisekict ·
When One #Engineer Becomes Your Entire Security Model

Most organizations assume the greatest risk comes from outside the organization. In reality, it’s #internal opacity, undocumented infrastructure understood by a single engineer.

In more than 70% of assessments, critical knowledge is fragmented, tribal, or missing entirely. That imbalance gives attackers an edge: their reconnaissance becomes more effective than your own visibility. When an #attacker understands your environment better than you do, you’ve already lost control.

---

The #Single Point of Failure No One Sees

During a recent #assessment, we asked for the basics: asset inventory, network diagrams, access controls. Nothing centralized existed. Everything, from admin credentials to firewall rules, lived in one engineer’s head or on a personal spreadsheet. From an attacker’s perspective, this isn’t chaos. It’s clarity.

---

🧠 The Attacker’s Advantage

Attackers don’t wait for documentation. They enumerate, map, and exploit faster than organizations can reconstruct tribal knowledge. No visibility means no defense. No ownership means no accountability. If one person holds the keys, your infrastructure is already exposed, just not to you.

---

#Security maturity isn’t about tools. It’s about control:
- Do you know what exists?
- Can you access it under pressure?
- Can you recover when it breaks?

Because if your key engineer disappears tomorrow.. what’s your first move?

- logisek.com

#CyberSecurity #RedTeam #PenTest #InfoSec #OffSec #SecurityMindset #OffensiveSecurity #Logisek
1
1
2
254
maldevel ☣ retweeted
Logisek @logisekict ·
The Day #AV Stopped Working

"We're fully covered. Our AV is bulletproof." That confidence usually lasts.. until the first Red Team or assumed breach exercise runs.

---

Why AV Fails Quietly

Modern attacks don't look like malware anymore. #FUD payloads, in-memory execution, and LOLBins blend into legitimate activity. No signatures, no obvious indicators, just normal-looking processes doing abnormal things. Traditional AV simply wasn't built for this kind of tradecraft.

---

🧠 The Real Gap: Assumptions vs Reality

Most environments rely on beliefs: "no alerts means no compromise" or "EDR is deployed, so we're safe." But tooling without tuning, monitoring, and context is just noise. Attackers don't break defenses, they bypass assumptions.

---

What Actually Changes the Outcome

Shift to behavior-based detection, actively monitor your EDR, and enforce controls like application allowlisting and privilege restrictions. Most importantly, adopt an "assume breach" mindset and validate continuously through simulations.

If your defenses were tested today with real adversary techniques.. what would actually happen?

- logisek.com

#CyberSecurity #RedTeam #PenTest #InfoSec #OffSec #Logisek
0
1
1
221
maldevel ☣ retweeted
Logisek @logisekict ·
Breaking #Mobile Apps Like Attackers Do

Most mobile #pentests fail not because tools are missing, but because the methodology is.

📱 #MASTG-Driven Testing Mindset

We don’t "scan apps", we systematically break them using the OWASP MASTG as a baseline. It gives us structured coverage across storage, crypto, auth, network, platform, and resilience layers, ensuring no blind spots. This isn’t checklist security, it’s repeatable, deep, and aligned with real-world attack paths.

---

🧩 Full-Spectrum #Attack Surface

Our approach blends:
- #Application layer → static + dynamic analysis, reverse engineering.
- #API layer → auth bypass, logic flaws, data exposure.
- #Device layer → rooting/jailbreaking, memory inspection, runtime hooking.

We treat the app as part of a client-server ecosystem, not an isolated binary.

---

🎯 Findings That Actually Matter

Every finding is mapped to #OWASP Mobile Top 10 (2024) categories, from insecure storage to improper credential usage, making risk tangible for both engineers and leadership.

---

Real impact comes from chaining weaknesses across layers, not isolated vulnerabilities.

- logisek.com

#CyberSecurity #MobileSecurity #PenTest #RedTeam #OWASP #MASTG #InfoSec #OffSec #Logisek
0
1
1
182