Chris Thompson — Associate Partner, Adversary Simulation Services, X-Force Red

Associate Partner, Adversary Simulation Services, X-Force Red

Chris is proud to lead a team of talented red team operators and security researchers. He has spoken at a number of security conferences, including Black Hat, Defcon, Wild West Hacking Fest, SecTor, Toorcon, and BSides.

Software Vulnerabilities December 13, 2022

Critical Remote Code Execution Vulnerability in SPNEGO Extended Negotiation Security Mechanism

2 min read - In September 2022, Microsoft patched an information disclosure vulnerability in SPNEGO NEGOEX (CVE-2022-37958). On December 13, Microsoft reclassified the vulnerability as “Critical” severity after IBM Security X-Force Red Security Researcher Valentina Palmiotti discovered the vulnerability could allow attackers to remotely…

Incident Response March 3, 2021

A More Effective Approach to Combating Software Supply Chain Attacks

3 min read - Software supply chain attacks are not new, but as we’ve seen recently, if executed successfully they can have huge payoffs for sophisticated attackers. Detecting malicious code inserted into a trusted vendor’s security updates is extremely difficult to do at scale,…

Software Vulnerabilities May 1, 2019

Penetration Testing Versus Red Teaming: Clearing the Confusion

6 min read - There is some confusion in cybersecurity as to the difference between penetration testing and red teaming. Since all businesses have vastly different security needs, the distinction is critical.

Failed to load data

Analysis and insights from hundreds of the brightest minds in the cybersecurity industry to help you prove compliance, grow business and stop threats.

Cybersecurity News By Topic By Industry Exclusive Series Threat Research Podcast Events Contact About Us

Security Intelligence

{{title}}

{{title}}

{{title}}

{{title}}

Topics

Critical Remote Code Execution Vulnerability in SPNEGO Extended Negotiation Security Mechanism

A More Effective Approach to Combating Software Supply Chain Attacks

Penetration Testing Versus Red Teaming: Clearing the Confusion

{{{title}}}