London Drugs closes all of its pharmacies following ‘cybersecurity incident’

External Penetration Testing

Secure Internet-facing IT assets.

Internal Penetration Testing

Secure internal networks and servers.

Web Application Penetration Testing

Secure mission-critical Web Apps & APIs.

Medical Device Penetration Testing

Secure smart medical equipment & data.

Cloud Security Services

Secure cloud-hosted assets & environments.

SCADA Cybersecurity Assessment

Secure SCADA / ICS systems & networks.

Cyber Maturity Assessment

Assess and prioritize your cybersecurity.

Red Team Security Services

Protect against sophisticated cyberattacks.

Consulting & Professional Services

Get advice and support from certified experts.

Compliance Services

Meet the requirements of various standards.

View All Vumetric Services →

SOLUTIONS BY STANDARD

SOLUTIONS BY INDUSTRY

SOLUTIONS BY CHALLENGE

Secure your network infrastructure

Protect your network from security breaches.

Secure your applications

Secure your missions-critical applications (Web, Mobile ,etc.).

Secure your cloud infrastructure

Ensure the security of your cloud environments.

Prevent ransomware attacks

Protect your business from ransomware attacks.

Contact a Cybersecurity Specialist →

WHITEPAPERS

CASE STUDIES

TOOLS

VIEW ALL CYBERSECURITY RESOURCES →

PENETRATION TESTING

APPLICATION SECURITY

VIEW ALL CYBERSECURITY NEWS →

FREQUENTLY ASKED QUESTIONS

Why should we perform penetration testing?

Conducting a penetration test is a critical tool used by companies as part of their cybersecurity risk management strategy. It helps organizations identify and fix the vulnerabilities most likely to be exploited to breach their cybersecurity and offers counter-measures to mitigate the most important risks of facing cybersecurity incidents.

Regular testing can help ensure that your security measures are up-to-date and effective against the latest hacking techniques and cyber threats.

Will your pentest help us meet compliance requirements?

Our penetration tests helps several organizations of all types meet compliance requirements every year by identifying vulnerabilities that need remediation. Once remediation testing is completed, we provide an official attestation confirming that vulnerabilities have been remediated, helping organizations meet compliance requirements efficiently.

How is it conducted? What is the process?

The process is divided in various stages including reconnaissance, scanning, exploitation, and post-exploitation stages to identify vulnerabilities and safely exploit them to determine their full impact. Detailed reports are then provided after testing to help you understand and address discovered issues.

During testing, our experts leverage a combination of manual and automated techniques to simulate exploits and attacks that would be used by hackers in a real-world scenario in accordance with the latest industry standards.

How much does it cost?

The cost of a penetration test can vary significantly depending on the scope of the assessment. For external penetration testing, one of the most significant factors in the price is the number of IP addresses that need to be evaluated. For an application penetration test, the complexity of the app and the number of user roles will directly impact pricing.

Learn more about the main factors that determine the cost of a penetration test →

Quickly receive a free quote with no engagement using our self-quoting tool →

Looking For Additional Information?

Visit our detailed FAQ to learn more or get in touch with a Vumetric expert directly to receive free guidance and advice.

DETAILED FAQ

About Vumetric

Learn more about Vumetric and discover why hundreds of organizations trust our experts.

Partnership Program

Unlock new business opportunites by reselling top-of-the-line cybersecurity services.

Certifications

Discover our team's cybersecurity and penetration testing certifications.

PTaaS Platform

Discover the modern way to launch and manage your penetration testing projects.

Methodologies

Discover our cybersecurity testing methodologies and standards.

Careers

Explore new career opportunities and join our team of passionate experts.

1-877-805-7475

[email protected]

GET STARTED

GIFShell attack creates reverse shell using Microsoft Teams GIFs

Featured, Microsoft, Microsoft Teams
September 9, 2022

A new attack technique called ‘GIFShell’ allows threat actors to abuse Microsoft Teams for novel phishing attacks and covertly executing commands to steal data using … GIFs.

The new attack scenario, shared exclusively with BleepingComputer, illustrates how attackers can string together numerous Microsoft Teams vulnerabilities and flaws to abuse legitimate Microsoft infrastructure to deliver malicious files, commands, and perform exfiltrating data via GIFs.

Bypassing Microsoft Teams security controls allows external users to send attachments to Microsoft Teams users.

The main component of this attack is called ‘GIFShell,’ which allows an attacker to create a reverse shell that delivers malicious commands via base64 encoded GIFs in Teams, and exfiltrates the output through GIFs retrieved by Microsoft’s own infrastructure.

Once the stager is in place, a threat actor would create their own Microsoft Teams tenant and contact other Microsoft Teams users outside of their organization.

As we previously said in our discussion about GIFShell, Microsoft Teams allows Microsoft Teams users to message users in other Tenants by default.

Share this article on social media:

Subscribe to Our Newsletter!

Stay on top of cybersecurity risks, evolving threats and industry news.

London Drugs closes all of its pharmacies following ‘cybersecurity incident’

2024-04-29

Hackers backdoored Cisco ASA devices via two zero-days (CVE-2024-20353, CVE-2024-20359)

2024-04-25

Microsoft releases Exchange hotfixes for security update issues

2024-04-23

Synlab Italia suspends operations following ransomware attack

2024-04-22

MITRE Corporation Breached by Nation-State Hackers Exploiting Ivanti Flaws

Palo Alto firewalls: Public exploits, rising attacks, ineffective mitigation

2024-04-17

Cisco Duo provider breached, SMS MFA logs compromised

2024-04-16

Microsoft will limit Exchange Online bulk emails to fight spam

View more cybersecurity news →

Featured Services

Web Application Penetration Testing

External Network Penetration Testing

Internal Network Penetration Testing

Medical Device Penetration Testing

Cloud Infrastructure Penetration Testing

Enterprise
Cybersecurity Audit

The Latest Cybersecurity News

From major cyberattacks, newly discovered critical vulnerabilities to recommended best practices, read it here first:

Palo Alto firewalls: Public exploits, rising attacks, ineffective mitigation

While it initially seemed that protecting Palo Alto Network firewalls from attacks leveraging CVE 2024 3400 would be possible by disabling the devices 8217 telemetry it has now been comfirmed

Read The Article →

Cisco Duo provider breached, SMS MFA logs compromised

Hackers have managed to compromise a telephony provider for Duo the Cisco owned company providing secure access solutions and steal MFA SMS message logs of Duo customers

Read The Article →

Microsoft will limit Exchange Online bulk emails to fight spam

Microsoft has announced plans to fight spam by imposing a daily Exchange Online bulk email limit of 2 000 external recipients starting January 2025

Read The Article →

VIEW MORE RECENT NEWS →

CONTACT US

Get in Touch With The Team

Whether you’re looking for more information on our services or simply have a general inquiry, our team remains at your disposal to answer any questions or provide guidance.

A Vumetric expert will be in touch shortly to discuss further.

4.9

5.0

BUILD A QUOTE

RECEIVE YOUR QUOTE QUICKLY

Step 1 of 11

What you will get in your detailed quote:

Activities

Including methodologies

Deliverables

Report table of content

Total cost

All-inclusive flat fee

More than 500 organizations received a quote from us in 2023

BOOK A MEETING

Schedule a Meeting With The Team

Looking for more details on how we can help or need guidance to determine the approach best suited for your organization? Plan a virtual meeting with a member of our team to discuss further without any engagement.

* No free email provider (e.g: gmail.com, hotmail.com, etc.)

What happens next?

A Vumetric expert learns about your needs and objectives during a quick meeting.

A project scope is defined (target environment, deadlines, requirements, etc.)

A detailed quote including all-inclusive pricing and statement of work is provided.

CONTACT US

Get in Touch With The Team

Whether you’re looking for more information on our services or simply have a general inquiry, our team remains at your disposal to answer any questions or provide guidance.

A Vumetric expert will be in touch shortly to discuss further.

4.9

5.0

BUILD A QUOTE

RECEIVE YOUR QUOTE QUICKLY

Step 1 of 11

What you will get in your detailed quote:

Activities

Including methodologies

Deliverables

Report table of content

Total cost

All-inclusive flat fee

More than 500 organizations received a quote from us in 2023

BOOK A MEETING

Schedule a Meeting With The Team

* No free email provider (e.g: gmail.com, hotmail.com, etc.)

What happens next?

A Vumetric expert learns about your needs and objectives during a quick meeting.

A project scope is defined (target environment, deadlines, requirements, etc.)

A detailed quote including all-inclusive pricing and statement of work is provided.

Have a Question?

Got an Urgent Need?

1-877-805-7475

Stay Updated on Cyber Risks

Subscribe to the Vumetric Monthly Bulletin to keep up with breaking news in the cybersecurity industry.

1-877-805-7475

This site is registered on wpml.org as a development site. Switch to a production site key to remove this banner.

External Penetration Testing

Internal Penetration Testing

Web Application Penetration Testing

Medical Device Penetration Testing

Cloud Security Services

SCADA Cybersecurity Assessment

Cyber Maturity Assessment

Red Team Security Services

Consulting & Professional Services

Compliance Services

Looking For Additional Information?

About Vumetric

Partnership Program

Certifications

PTaaS Platform

Methodologies

Careers

GIFShell attack creates reverse shell using Microsoft Teams GIFs

Recent News

Featured Services

The Latest Cybersecurity News

CONTACT US

Get in Touch With The Team

4.9

4.9

5.0

BUILD A QUOTE

RECEIVE YOUR QUOTE QUICKLY

What you will get in your detailed quote:

Activities

Deliverables

Total cost

More than 500 organizations received a quote from us in 2023

BOOK A MEETING

Schedule a Meeting With The Team

What happens next?

CONTACT US

Get in Touch With The Team

4.9

4.9

5.0

BUILD A QUOTE

RECEIVE YOUR QUOTE QUICKLY

What you will get in your detailed quote:

Activities

Deliverables

Total cost

More than 500 organizations received a quote from us in 2023

BOOK A MEETING

Schedule a Meeting With The Team

What happens next?

USA - HQ

Canada - HQ

Canada - Satellite

BOOK A MEETING

Enter your Email Address

PENETRATION TESTING Buyer's Guide

Everything You Need to Know