Insights · Tag

#initial access

2 posts tagged initial access.

DFIR 14 Apr 2022

Just a marketing website: how a neglected WordPress site became a path to Domain Admin

It came in as a spam complaint. It ended at a forgotten brochure website wired into the company's domain controller, with the Domain Admin password sitting in a script on someone's desktop. A story about the assets nobody thinks are worth attacking.

By Cyberange DFIR Team

Threat intelligence 17 Apr 2026

Browser-based initial access in 2026

The fastest-growing initial-access surface in the engagement data is the browser session, not the credential. Reverse-proxy phishing kits, OAuth consent abuse, extension supply-chain hijacks, and infostealer-fed cookie marketplaces — what changed, why MFA and password rotation no longer cover the dominant case, and which controls actually move the curve.

By Cyberange Threat Intel