Areas Of Expertise
Eva is a security engineer, researcher, and penetration tester with over 5 years of experience working on both red teams and blue teams.
She specializes in offensive security attacking on-premise infrastructure, cloud infrastructure, and web and mobile applications.
Recent Articles:
There are many definitions of continuous penetration testing. At PurpleSec, we believe conducting a penetration test at least quarterly means you’re continuously assessing your security posture.
A Linux backdoor malware has been discovered that has the capabilities to exploit around 30 WordPress plugins with the goal to inject malicious JavaScript code.
In order to get early access to Kubernetes setups, the threat actors behind the Kinsing Crypto Jacking operation have been seen taking advantage of unprotected and improperly configured PostgreSQL servers.
Rackspace Technology noticed that users were experiencing issues while trying to access their Exchange Environment which turned out to be a ransomware attack.
In the second week of November, around 15,000 sites were compromised in a major search engine optimization (SEO) campaign. The threat actors established the attack to redirect the visitors of the websites to fake Q&A discussion forums.
Cloud Penetration Testing is the process of detecting and exploiting security vulnerabilities by simulating a controlled cyber attack on cloud-native systems, where the cloud infrastructure’s security posture is assessed.
You may need to conduct a white box penetration test if you want to evaluate your application security, wireless security, infrastructure, network security, or physical security in an assumed breach scenario.
Advocate Aurora Health, AAH, a 26-hospital healthcare system in Wisconsin and Illinois, is notifying its patients of a data breach that exposed the personal data of 3 million patients.
Misconfiguration of an endpoint caused a leakage of 2.4 TB of data of Microsoft’s customers. The issue stemmed from a misconfigured Azure Blob Storage and was spotted on September 24, 2022.
A black box penetration test is a security test performed by an external party that is completely unfamiliar with the target. The security assessor (penetration tester) is provided with no information of the system specifics and no credentials except for the target URL.
On September 8, Portuguese local news organization, Diario de Noticias reported that the Portuguese Government’s Department of Defense has allegedly been a subject of a cyber security data breach involving exfiltration of confidential NATO documents.
On September 15th, an 18 year old managed to hack Uber. The hacker reportedly gained control over the company’s internal systems leveraging social engineering techniques that led to compromising an employee’s Slack account.
Cloudflare revealed on Tuesday, August 9th that they were also targeted by the threat actors who breached Twilio and gained unauthorized access to some of its systems on August 4th.
Confidential data has been exposed in several places on the dark web and the data exposed is also quite new, with files timestamped as recent as June 2022.
Confidential data has been exposed in several places on the dark web and the data exposed is also quite new, with files timestamped as recent as June 2022.