Site Map

Pages

• About Us
  • Attack Surface Management Portal
  • Certifications
• BA
  • Finance
  • SaaS
  • Telecoms
• Contact us
• Cookies Policy
• Cyber Risk Gap
• Disclosure Policy
• Events
• FS
• GS
  • Contact Us
• Hall Of Fame
• Homepage
• Inside the Spider
• JOIN THE SWARM.
  • Careers thank you
• Legal Documents
• Log In
• Newsletter
• Pricing
• Privacy Policy
• Privacy Policy June 2023- Archived
• Privacy Policy March 2024 – Archived
• Resources
• RSA 2025
• Services
  • Breach and Attack Simulation Services
  • Constant Cyber Attack Subscription
  • Ethical Hacking Services
  • Insider Threat detection
  • IT Infrastructure Penetration Testing
  • Password Strength Testing
  • Penetration Testing Services
  • Phishing Attack Simulation
  • Physical Cyber Attack Services
  • Ransomware Attack Simulation
  • Red Team Services
  • Regulatory and Compliance testing
  • Social Engineering Testing Services
  • Vulnerability Scanning Services
  • Web Application Security Testing
• Site Map
• Solutions
  • Crypto
  • Finance
  • Healthcare
  • SaaS
• Thank you

Posts

CovertSwarm Threat Alert

• SWARM INTELLIGENCE: BadSuccessor
• Citrix Gateway and Citrix ADC Security Bulletin for CVE-2022-27510 CVE-2022-27513 and CVE-2022-27516

Glossary

• Cybersecurity Glossary
• What is Breach and Attack Simulation (BAS)?
• What is vulnerability scanning and why is it important?
• What is web application security, and why is it important?
• What is attack surface management and how does it work?
• What is a purple team and why do you need one?
• What are insider threats and how do you prevent them?
• Incident response: a comprehensive guide
• What is IT infrastructure, and why is it important?
• What’s the difference between red teaming and penetration testing?
• What’s the difference between a red team and a blue team?
• What is patch management and what are the benefits?
• Digital Forensics and Incident Response (DFIR): the ultimate guide
• Denial of Service (DoS) attacks: a complete guide
• What are evil twin attacks and how do you prevent them?
• What is fuzzing and how does it work?
• What is API testing?
• What is email spoofing?
• What is an Intrusion Detection System (IDS)?
• Vishing: everything you need to know
• What is Kerberos authentication?
• What Does SDLC Mean?
• What is endpoint security and why is it important?
• What is Cross-Site Scripting (XSS) and how do you prevent it?
• Multi-Factor Authentication (MFA): what you need to know
• What is a Man-in-the-Middle (MitM) attack?
• What are brute force attacks?
• What is an eavesdropping attack?
• What is DNS and how does it work?
• What is smishing and how do you prevent it?
• What is spear phishing and how do you prevent it?
• What is a SQL injection (SQLi) attack and how can you prevent them?
• What is malware and how can you prevent it?
• What is phishing and how can you prevent it?
• What is a firewall?
• What is ransomware and how do you prevent it?
• What is penetration testing and why is it important?
• What is social engineering in cybersecurity?
• What is ethical hacking?
• Red teaming: everything you need to know
• MFA Bombing
• What is password cracking and how does it work?
• Winners of the CISO Choice Awards ‘Breach & Attack Simulation Service Provider’
• One Hive Member’s insights into how and why our industry should change
• We’re Security Current’s 2022 CISO Choice Awards Finalists!
• FortiOS / FortiProxy / FortiSwitchManager – Authentication Bypass (CVE-2022-40684)
• Critical Zero-Day Vulnerability in Microsoft Exchange
• Unauthenticated Remote Code Execution in Magento 2 and Adobe Commerce Systems (CVE-2022-24086)
• Pentest from your pocket with Flipper Zero
• Critical vulnerability identified in WordPress plugin “BackupBuddy”: (CVE-2022-31474)
• DEF CON 30: what we learned (and how it helps you)
• Working at CovertSwarm: Our First Intern
• Critical RCE in DrayTek Routers (CVE-2022-32548)
• Why a cyber value proposition should be part of your business strategy
• Critical vulnerabilities identified in VMware products (CVE-2022-31656)
• DEF CON 30: what it is and where to find us
• What’s it like to work at CovertSwarm?
• Working at CovertSwarm: One Hive Member’s Experience
• CONSTANT offensive security – How does it all work?
• The Tiber EU Framework: What is it and why is it important?
• The Internet of Things: Securing the Hidden Attack Surface of Your Home
• What is an Application-level Attack?
• What is Fingerprinting in Ethical Hacking?
• What is Intrusive Penetration Testing?
• Application Penetration Testing
• What is Wi-Fi Penetration Testing?
• Office 365 Security Best Practices
• What is Penetration Testing as a Service (PTaaS)?
• CEH Certification
• Sniffing Attack
• What is Session Hijacking?
• Retail Penetration Test
• DevOps vs DevSecOps
• Malicious Code
• What is Enumeration in Cyber Security?
• What is Penetration Testing Software?
• What is a computer worm and how do you prevent them?
• What is a Network Penetration Test?
• Is Open Source or Proprietary More Secure?
• What is Broken Authentication?
• Can You Pentest AWS?
• What is the Information Security CIA?
• Is Linux Good for Ethical Hacking?
• What is a Physical Penetration Test?
• Why is Python Used for Hacking?
• What is CREST Certification?
• What are the Best Laptops for Pen-testers?
• What is an Android Pentest?
• What is Cloud Pentesting?
• What is a False Positive in Cyber Security?
• Internal vs External Pen Testing
• What is Nmap in Cyber Security?
• What is an OSCP Penetration Test?
• What is PCI Pen Testing?
• Simplify your jira vulnerability management workflow

News

• ANATOMY OF A BREACH: INSIDE THE MODERN RETAIL ATTACK
• CovertSwarm named a Sunday Times 2025 Best Place to Work 
• CovertSwarm Achieves ISO 22301 Certification
• CovertSwarm Ranks #23 on Clutch 100 Fastest-Growing Companies in 2025
• CovertSwarm Achieves Prestigious CBEST Accreditation
• Julio Taylor joins CovertSwarm as CMO
• Beware of Recruitment Scammers Impersonating CovertSwarm 
• CovertSwarm welcomes Nick Dibbern as Chief Financial Officer
• James Dale joins CovertSwarm as Head of Adversarial Simulation Testing
• CovertSwarm Achieves STAR-FS Accreditation
• CovertSwarm Secures Spot in TechRound’s Top 100 for 2024 
• An In-Depth Guide to Remote Desktop Protocol (RDP) 
• Mitigating Credential Stuffing Attacks with IP Rotation: Strategies and Considerations 
• CovertSwarm at DEF CON 32: Insights from the Swarm
• How to Own DEF CON Like a Boss
• DEF CON 32: Discover the New CovertSwarm Badge
• Academy Launches Second Intake 
• Combining regulation with real-world security assurance: DORA and NIS2 
• CovertSwarm named by Clutch among Top 100 Fastest-Growing Companies
• The Sunday Times – Best Places to Work 
• Ellie Lancaster joins as Head of People and Culture
• Rishikesh Bhide joins CovertSwarm as Head of Engineering
• Louis Blackburn joins as Operations Director
• CovertBrew February Edition
• Discovering WordPress Vulnerabilities to Make it Safer
• Exploiting CVE-2023-5044 and CVE-2023-5043 to overtake a Kubernetes Cluster
• A journey into Badge Life
• Persistence Attack in Active Directory: The Golden Ticket Attack
• Our first Employee Net Promoter Score in review
• CovertSwarm named on the Startups 100 Index
• CovertSwarm strengthens leadership team with three key senior appointments
• We’ve been named a CISO Choice Awards finalist
• Web application vulnerability Scanning, in the palm of your hands
• How to create a strong password and essential best practices
• How to become an ethical hacker
• TechRound names CovertSwarm among the Top 20 Cybersecurity companies
• CovertSwarm launches in-house Academy Program
• We’re joining the Badge Life Movement: Discover the CovertSwarm Badge at DEF CON 31
• Covertswarm secures investment from beech tree private equity
• CovertSwarm revolutionizes Attack Surface Management with launch of free Offensive Operations Center
• Why red team exercises should be included in your company’s supply chain defense strategy
• SteelCon 2023: diary of a conference goon
• CovertSwarm Hive member, Dario Tejada, shares knowledge to Spanish cybersecurity community
• The risks, impact, and benefits of using AI generated content
• Security fatigue
• XSS – It’s not just “alert(1)”
• CovertSwarm is now ISO 27001 and ISO 9001 accredited
• ChatGPT in the wrong hands….
• ALERT – Critical Microsoft Outlook bug Actively Exploited
• CovertSwarm appoint former ITV.com MD as Chairman of the Board
• Simplify your vulnerability management workflow in Jira
• Introducing Will Morrish, CovertSwarm Chief Revenue Officer
• Enhance team cyber collaboration with our new Slack integration
• Exploiting Microsoft Windows 11 via Process No-Hollowing
• Zero-day vulnerability in Atlassian Confluence
• Zero-day vulnerability in Microsoft Office – Follina
• Diary of a Cyber Attacker
• CovertSwarm Inc. launched in North America
• CovertSwarm supports BBC to advise social media account hijack victims
• Video: Zero-Day Exploitation From A Bad Actors Perspective
• Multiple Windows Zero-Days Identified (CVE-2022-24521, CVE-2022-26904 and CVE-2022-26809)
• Zero Day Vulnerability Identified In Java Spring Framework – CVE-2022-22965 (Spring4Shell)
• Remote Code Execution Vulnerability In Veeam Backup & Replication – CVE-2022-265 & CVE-2022-26501
• Critical Root Privilege Escalation Vulnerability Alert In Linux – CVE-2022-0847
• Video: Your Best Defence is Your Worst Enemy – Rethinking Your Cyber Security Strategy.
• Who are CovertSwarm?
• CovertSwarm – Dundee and Angus College Curriculum Partner
• Introducing CovertSwarm – The Podcast
• Zero Day Vulnerability Identified In Magento 2 And Adobe Commerce (CVE-2022-24086)
• The emerging crisis in Ukraine
• 0-day Vulnerability In Horde Webmail Email System
• Authentication Bypass/Instance Takeover Vulnerability via Zabbix Frontend – CVE-2022-23131
• Critical RCE Vulnerabilities in WordPress Plugin PHP Everywhere
• Privilege Escalation Vulnerability in Windows Print Spooler – CVE-2022-22718
• Critical Vulnerability Alert in Samba – CVE-2021-44142
• Demonstration of remote root via Log4Shell and PwnKit attack chain
• Critical 0-day vulnerability in Polkit pkexec component
• CovertSwarm appoints Luke Potter as Chief Operating Officer
• Log4Shell RCE: Critical Zero Day Security Vulnerability
• Password Policy Best Practices 2022
• Video: An Ethical Hacker’s View on your Security (London CTOs)
• Pentesting is DEAD.
• CovertSwarm collaborates with BBC on Instagram Scam investigation
• CovertSwarm assists BBC with telephone ‘number spoofing’ investigation
• The Challenges of ethical hacking
• How to Become a Cyber Security Consultant
• How Secure are TPM Chips?
• CovertSwarm Gains Further Accreditation with CREST STAR
• CovertSwarm Achieves CREST Accreditation
• An introduction to Constant Cyber Attack
• Improving Internal Cybersecurity Engagement – Q&A
• CovertSwarm launches Offensive Operations Centre
• Accelerate your cybersecurity posture with a CovertSwarm of security professionals
• Are you a Cyber Rebel?
• As A Service’ (AAS) Overload – Providing Context to ‘AAS’ in Cybersecurity
• New Styles of Cyber Attack Detected against Businesses & Supply Chain Partners
• Is your Penetration Testing Program delivering the value you expect to your business?
• Rattle the lock on your SOC’ – Time to constantly test your Security Operations Centre
• Rattle the lock on your SOC
• Is your Security Operations Centre awake? Your adversaries are. And so are we.
• The cyber risk of high-velocity product development
• Annual Penetration Testing is no longer enough

Opinion

• Your LLM Security Isn’t as Strong as You Think.
• Retail Under Siege: The Coordinated Cyber Assault on UK’s Top Stores
• AI apps are smart. Until they do something really dumb.
• Reality Check: What Google’s Latest Report Tells Us About AI-Enabled Threat Actors
• Santa: The OG Ethical Hacker Smashing Your Home Security Since Forever 
• Is Your Business Secured Like an Egg or an Onion?

Swarm Intelligence

• Inside BadSuccessor: Privilege Escalation via dMSA in Windows Server 2025

Technology

• K8s – Pod to Node Escape Techniques
• Uncloaking Radio Frequency Identification (RFID)
• Gaining Initial Access in a Kubernetes Environment (part 2)
• Exploring the Kubernetes Architecture from an Offensive Viewpoint (part 1)
• The trials and tribulations of secure software development
• AI voice impersonation: voice-based authentication just got owned
• Improving organisational awareness with enhanced Automated Reconnaissance
• Avoiding the Cyber Risk Rollercoaster
• Discovering and identifying change to your organisation’s attack surface
• CovertSwarm: How our technology helps you

Case Studies

• Araco: how we turned an image upload into a potential nightmare
• The one where we turned a telecom’s security nightmare into a masterclass in resilience
• The one where we cracked 90% of a fintech’s passwords using their onboarding process
• The one where we rewrote the script on security
• The one where we breached an insurance giant through image uploads
• The one where we owned a cloud platform through a free trial
• CovertSwarm and Fintech: Snoop Case Study
• Finance: From Pen Testing to Constant Cyberattack Simulation
• Retail: Fortifying The Cybersecurity Posture Against APT
• Finance: Evolving From CBEST to Risk-Based Cybersecurity

Podcasts

• Episode 33 – The AI Impersonation with Ron Eddings
• Episode 32 – Inside the Breach: The Vulnerabilities Within Your Perimeter
• Episode 31 – Insights From A Former State-Sponsored Hacker
• Episode 30 – CovertSwarm Academy: End of First Year
• Episode 29 – DEF CON: Las Vegas Special
• Episode 28 – DEF CON 32: Badge Life
• Episode 27 – From America’s Insurance Capital: Let’s talk about Fraudsters
• Episode 26 – Understanding DORA and NIS2
• Episode 25 – SwarmCon 7 at Bletchley Park
• Episode 24 – Initial Access Brokers
• Episode 23 – The Red Teaming Paradigm
• Episode 22 – New Cyber Maturity Rating Feature
• Episode 21 – Product Thinking in Security 
• Episode 20 – Transitioning from Bug Bounty to Constant Cyber Attack
• Episode 19 – From Punk to Cyber
• Episode 18 – The CovertSwarm Academy
• Episode 17 – The moving security goalpost with Todd Wade
• Episode 16.5 – Defcon 2023 special, live from Las Vegas
• Episode 16 – Challenging the Attack Surface Management industry with special guest Adam Govier
• Episode 15 – Information Security Management with Special Guest Frankie Gallop from Provention
• Episode 14 – Threat Intelligence with special guest Haroon Mahmood
• Episode 13 – Data privacy and security with special guest Ulrika Dellrud
• Episode 12 – SwarmCon special
• Episode 11-Introducing Dominic Cameron, Chairman of the Board, CovertSwarm
• Episode 10- Introducing Will Morrish
• Episode 9- A new standard approach
• Episode 8- It’s time for a change
• Episode 7- PCI DSS 4.0 & Mitigating Skimming Attacks
• Episode 6- My First DEF CON
• Episode 5 – DEF CON 30 Special, Las Vegas
• Episode 4- Are You Thinking About Cyber The Right Way?
• Episode 3- How To Get Into The Cyber Industry
• Episode 2- The Crisis In Ukraine
• Episode 1- Why The Penetration Testing Industry Needs To Change

Authors

• Dom Pietrzak
• James Dale
• Louis Blackburn
• Pablo Sanchez
• Ibai Castells
• Santi Quintana
• Ellie Lancaster
• Alessandro Grisa
• Dario Manuel Tejada
• Maximilian Kleinke