Red Team
VMware Aria Operations for Logs CVE-2023-34051 Technical Deep Dive and IOCs
Introduction This report is a follow up to https://www.horizon3.ai/vmware-vrealize-log-insight-vmsa-2023-0001-technical-deep-dive/. Earlier this year we reported the technical details for VMSA-2023-0001 affecting VMware Aria Operations for Logs (formerly VMware vRealize Log Insight). […] The ...
Cisco IOS XE Web UI Vulnerability: A Glimpse into CVE-2023-20198
Overview On Monday, 16 October, Cisco reported a critical zero-day vulnerability in the web UI feature of its IOS XE software actively being exploited by threat actors to install Remote […] The ...
SCCM Hierarchy Takeover
One Site to Rule Them Alltl;dr:There is no security boundary between sites in the same hierarchy.When an administrative user is granted a security role in SCCM, such as Full Administrator or Infrastructure Administrator, ...
Reactive Progress and Tradecraft Innovation
Detection as PredictionThe overarching goal of a security operations program is to prevent or mitigate the impact of an attacker gaining unauthorized access to an IT environment. In service of this mission, ...
Leveraging Wargaming Principles for Cyberdefense Exercises
Wargames are an excellent way to ensure your cyberdefense plans are solid and your processes are current ...
Security Boulevard
Apache Superset Part II: RCE, Credential Harvesting and More
Apache Superset is a popular open source data exploration and visualization tool. In a previous post, we disclosed a vulnerability, CVE-2023-27524, affecting thousands of Superset servers on the Internet, that enables unauthorized ...
SaaS Attacks: Compromising an Organization without Touching the Network
Tom Eston | | Attack Framework, attacker, blue team, Cloud, Cloud Penetration Testing, cloud-based, Compromise, Cyber Security, Cybersecurity, Data Privacy, Digital Privacy, Episodes, hacker, Hacking, Information Security, Infosec, lateral movement, Luke Jennings, MITRE ATT&CK, MITRE ATT&CK Framework, network, network attacks, Network penetration testing, Podcast, Podcasts, Privacy, Push Security, Red Team, SaaS, SaaS Application, SaaS Attacks, security, Software-as-a-Service, Special Editions, technology, Weekly Edition
In this episode Luke Jennings VP of Research & Development from Push Security joins us to discuss SaaS attacks and how its possible to compromise an organization without touching a single endpoint ...
Ivanti Sentry Authentication Bypass CVE-2023-38035 Deep Dive
Introduction Ivanti has recently published an advisory for CVE-2023-38035. The vulnerability has been added to CISA KEV and is described as an authentication bypass in the Ivanti Sentry administrator interface. This new ...
Endpoint Security: The Least Privilege Approach
With endpoints being the primary targets for malicious attacks, adopting a robust security strategy is crucial. One such approach gaining prominence is “The Least Privilege Approach.” In this blog, we delve into ...
Lexmark Command Injection Vulnerability ZDI-CAN-19470 Pwn2Own Toronto 2022
Introduction In December 2022, we competed at our first pwn2own. We were able to successfully exploit the Lexmark MC3224i using a command injection 0-day. This post will detail the process we used ...