Resources

Blog

CVE-2024-6769: Poisoning the Activation Cache to Elevate From Medium to High Integrity

By Ricardo Narvaja on Thu, 09/26/2024

This blog is about two chained bugs: Stage one is a DLL Hijacking bug caused by the remapping of ROOT drive and stage two is an Activation Cache Poisoning bug managed by the CSRSS server.The first stage was presented in detail at Ekoparty 2023 in the presentation called "I'm High" by Nicolás Economou from BlueFrost Security. He explained how to exploit the vulnerability which, at the time, had not...

Guide

Decoding the Attacker Mindset: Pen Testing Revelations

Cybersecurity isn't just about defense—it's about understanding the offense. With penetration testing, organizations can learn to think like an attacker and develop more proactive strategies that anticipate attacks. In this guide, explore 5 scenarios that provide insight into the methods and techniques deployed in real-world pen testing engagements, including: Using a password spray attack to...

Blog

Windows DWM Core Library Elevation of Privilege Vulnerability (CVE-2024-30051)

By Ricardo Narvaja on Mon, 09/09/2024

In this blog post, I will explain a vulnerability in the Microsoft Windows Desktop Windows Manager (DWM) Core library that I analyzed when the exploit for Core Impact was being developed. This vulnerability allows an unprivileged attacker to execute code as a DWM user with Integrity System privileges (CVE-2024-30051).Since there was not enough public information at the time to develop the exploit,...

News Article

How to Fortify Defenses Before Threats Materialize

By Chris Reffkin on Mon, 09/09/2024

Cyber threats are becoming more sophisticated and frequent, yet many organizations still face challenges due to limited resources. In ITSecurityWire, Fortra's Chris Reffkin highlights prioritizing remediation, closing the skills gap, and ongoing improvement.

Guide

Guide to Creating a Proactive Cybersecurity Strategy

Cyber attacks are common, with 89% of companies experiencing an attack in the last 12 months*. It’s time to stop asking if attacks will occur and start asking if you can stop attacks from being successful. One of the best ways to answer this question is by employing a proactive security program. Using assessment and testing to harden your cybersecurity measures, proactive security: Uncovers...

News Article

IT Nerd: Exclusive Insights from Fortra’s 2024 Penetration Testing Report

By Chris Reffkin on Fri, 06/28/2024

Fortra CISO Chris Reffkin spoke with IT Nerd and shared valuable insights from Fortra’s 2024 Penetration Testing Report.

Guide

How to Get Started with IT Modernization

Modernization is more than simply switching from a green screen to a GUI. To have a truly modern IBM i data center, you must consider all areas of IT from your software and applications to your hardware and devices to the processes that support the whole operation. This guides helps you modernize your IBM i from the ground up.

Product Video

Performance Navigator Overview and Demonstration

Wed, 09/27/2023

Watch this video for an overview of Performance Navigator’s key components and a demonstration of how you can use it to optimize your IT enterprise.

Article

The Importance of VIOS

Thu, 08/31/2023

VIOS is considered a standard in organizations running IBM i, AIX, and Linux workloads. But don’t put your business at risk by letting it run unchecked. Learn five areas you must be monitoring.

Product Video

Robot Monitor Product Overview and Demonstration

Wed, 07/26/2023

Watch this recording to get an overview of Robot Monitor’s key features – including SQL monitoring, customization to workloads, and the ability to create your own SQL-based monitor – as well as an inside look at how to operate Robot Monitor and customize its outputs to your liking.

Guide

Fortra's Complete Guide to Layered Offensive Security

Most organizations have a decent understanding of the types of defensive security tactics they need to employ to thwart cyberattacks. But offensive security techniques are just as important for detecting existing vulnerabilities that a threat actor has yet to discover and exploit. Learn how to approach offensive security from the ground up, including the value of using a layered security...

Datasheet

How Fortra Supports the Zero Trust Journey

What Zero Trust means, tips for getting started, and how Fortra solutions support your Zero Trust security journey.

Infrastructure and Data Protection

Data Protection

Compliance

Data Classification

IT Infrastructure Protection

Vulnerability Management

On-Demand Webinar

Infrastructure Protection for Proactive Security

By Nick Hogg

Infrastructure Protection for Proactive Security Today’s threat landscape is moving so rapidly that it’s essential to anticipate attacks and adapt your cybersecurity strategy to avoid becoming the next security breach. Such devastating breaches can cripple an organization, slowing or halting day-to-day operations and doing significant harm to a business’ reputation. Join our infrastructure...

Article

Getting to Grips with QZDASOINIT Jobs

By Kurt Thomas on Fri, 09/30/2022

QZDASOINIT job issues can cause high CPU usage and hurt IBM i (iSeries, AS/400) performance. Learn how using Robot Monitor can help you proactively avoid resource issues.