Latest Intelligence
Cyber Intelligence Weekly (September 8, 2024): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. In this week's CIW: Navy Officer Demoted for Installing Unauthorized Satellite Dish on Warship, Russian GRU Officers Charged for Cyberattacks on Ukraine and NATO Countries, Food Supply at Risk: Why Cybersecurity in Agriculture Needs Urgent Attention
Posted on Sep 08 / 2024
Cyber Intelligence Weekly (September 1, 2024): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. In this week's CIW: Chinese Hackers Exploit Zero-Day Vulnerability to Infect ISPs and Steal Customer Credentials, ALBeast Vulnerability in AWS ALB Exposes Thousands of Applications, FBI Warns of Iranian Collaboration with Ransomware Gangs Targeting U.S. and Allies
Posted on Sep 01 / 2024
Summer Wrap-Up: Intern Experiences at Echelon Risk + Cyber
Let's reflect on the transformative internship experience at Echelon Risk + Cyber, highlighting the journeys of interns Drew Foley, Cole LaCamera, Pamela Sanchez, and Niko Raketich. Each intern shares their insights gained through hands-on exposure to various aspects of cybersecurity, from vCISO services to compliance assessments and marketing. The program not only nurtures talent but also infuses the company with fresh perspectives, illustrating the profound impact of a supportive learning environment. A heartfelt thank you is extended to all interns for their valuable contributions this summer.
Posted on Aug 29 / 2024
Intelligence in Hacker's Perspective: Tips for Defenders
Adaptability and Perseverance – Breaking Down the 2023 CrowdStrike Global Threat Report
Here are our key takeaways from CrowdStrike's 2023 Global Threat Report. Discover the latest threat trends and explore recommendations for staying ahead of threats.
Posted on May 23 / 2023
Hacker's Perspective: A Modern Approach to Cross-Site Request Forgery
Learn how to locate and exploit Cross-Site Request Forgery (CSRF) vulnerabilities in modern web applications by understanding client-side and server-side code interactions, CSRF tokens, and SameSite cookie policies.
Posted on May 10 / 2023
Hacker’s Perspective: Securing JSON Web Tokens
If you are a modern-day developer, you’re probably plenty familiar with JSON Web Tokens (JWTs). They perform their job efficiently when correctly implemented. Unfortunately, they can also be vulnerable to malicious threat actors.
Posted on Nov 28 / 2022
DEF CON 30 in Review: How the Echelon Team Won a Black Badge, and a Black Badge Breakdown
Buckle up for the story of how the Echelon team won the coveted DEF CON Black Badge, and dive deep into Ross Flynn's detailed breakdown of the Black Badge.
Posted on Sep 13 / 2022
Hacker’s Perspective: Web App Vulnerabilities - An In-Depth Look at Attacking File Uploads
File uploads are ubiquitous, making them a prime target for attackers. Here's how ethical hackers test your resilience against these kinds of attacks.
Posted on May 25 / 2022
Hacker’s Perspective: Web App Vulnerabilities - Algolia API Keys
Are you exposing your company's internal data? Algolia APIs are extremely useful for efficient access to stored data, but the keys used to access them are easily misconfigured and can allow an attacker to launch a site-wide attack.
Posted on May 16 / 2022
Right in your Lapsus$ – How Attackers are Playing a Different Game
Many cutting-edge security programs base their defenses on sophisticated, nation-state level threat actors. How, then, have so many of them gotten hacked recently by a new and less-sophisticated group, Lapsus$?
Posted on Apr 19 / 2022
eLearnSecurity’s Web Application Penetration Tester eXtreme: Overview and How to Prepare for the Exam
The eWPTX is an expert-level certification covering advanced web application exploitation and analysis. Here’s one cybersecurity consultant’s experience and tips on how to prepare.
Posted on Mar 17 / 2022
How Safe is it to Scan a QR Code?
QR codes are clever (just ask Coinbase), but they can be security nightmares. Here’s what our CEO, Dan Desko, had to say when he was interviewed about this year’s Super Bowl ad.
Posted on Feb 15 / 2022
Hacker’s Perspective: Web App Vulnerabilities – Hacking GraphQL
GraphQL is a commonly used query language for manipulating APIs. Properly secured, it is a useful tool for web application development. Configured improperly, it can have devastating results.
Posted on Jan 31 / 2022
Hacker’s Perspective: Web App Vulnerabilities – Password Reset Feature
Password Reset features can be dangerous and must be implemented securely. Otherwise, user accounts can be compromised.
Posted on Jan 24 / 2022
Hacker’s Perspective: Web App Vulnerabilities – Detailed Error Messages
Detailed error messages may seem unimportant, but they can be very valuable for attackers. Here's more on why they are important and how you can fix this web app vulnerability.
Posted on Jan 18 / 2022
Hacker’s Perspective: Web App Vulnerabilities – Invite Feature
Hidden dangers within your web app’s ‘invite’ feature, why it matters, and how you can fix it.
Posted on Jan 13 / 2022
A Hacker’s Perspective: How to Create a Strong Password (Hint, Length Matters!)
From a hacker’s perspective, the essence of password security boils down to two things: how guessable is it and how easy is it to crack encrypted passwords. Here are our tips for creating stronger passwords.
Posted on Aug 24 / 2021
A Hacker’s Perspective: Top Three Ways to Mitigate Modern Phishing Techniques
More people fell victim to phishing than any other form of internet crime in 2020, and this trend is likely to continue. But phishing is not just prevalent - it is evolving. Here are three mitigation strategies for modern phishing techniques, from the perspective of a hacker.
Posted on Aug 04 / 2021