As defenders patch vulnerabilities in production environments, threat actors continually adapt to exploit new weaknesses, sometimes for financial gain and sometimes to disrupt operations. In this blog, we'll explore how attackers can escalate privileges via a web GUI and ultimately obtain shell access by exploiting a recently disclosed WordPress vulnerability, CVE-2025-2563 . We'll walk through the attack chain from an attacker’s perspective against a practice (non-production

With automation and Artificial Intelligence (AI) on the rise, it's becoming increasingly important to adapt to the tools and techniques...

Personally Identifiable Information or PII is any information about a specific person that can be used to discover that person’s identity.

Polito would like to share resources aimed at women who are in cybersecurity or who are interested in getting into this amazing field.

Pi-hole logs each DNS event, including domain resolutions and blocks. DNS logs are a gold mine that is often overlooked by network defenders

The Proving-Grounds offers both free and paid tier levels, where users can test their skills in a lab environment similar to other platforms

DLL Side-Loading is a pervasive technique partially because its behavior is difficult to detect. As a sub-technique of DLL Hijacking, it ta

The intention of this post is to provide basic queries for targeted AD DS information gathering used in penetration testing. The reader can

A Chief Information Security Officer (CISO) might be what these organizations are missing.

Phishing attack observed by Polito, Inc., which uses an obfuscated JavaScript attachment to show how to analyze the malicious attack.

Polito is pleased to release our VirusTotal extension for X-Ways. This open source extension is useful to quickly triage file hashes

Polito, Inc. is proud to be a sponsor for the 2023 Virginia CyberSlam event being held at George Mason University today. This event brings t

OSINT, or Open-source Intelligence, are a set of techniques for data collection and analysis that is publicly available from various sources

Best practices guidelines allow organizations to respond to five lessons learned from the Ukraine war

On March 23rd and 24th, 2022, Wicked6, sponsored by many companies produced a special 24 hour global women's only CTF event virtually.

Polito Inc. is pleased to announce that we are releasing the Hash Exporter extension for X-Ways. Hash Exporter helps automate hash extract

This blog post will cover how to conduct a ret2libc attack. The ret2libc technique is a tactic used in Linux exploit development that allows

How to conduct basic phishing campaigns using Gophish, an open-source tool for testing an organization’s vulnerability to phishing.

Cybersecurity breaches and other incidents have become increasingly frequent and more impactful over the last year. In a recent high-profile

Policy assessments should be considered as a cybersecurity best practice and should be conducted annually with other assessments such as vul