Categories • Page 4/5
Security research
Here’s where our security researchers analyze and share insights about the latest vulnerabilities, providing details on how they work, or how to exploit them.
How to attack F5 BIG-IP using CVE-2020-5902 (TMUI RCE)
Let’s tackle a vulnerability that broke out not only in BIG-IP firewalls but also on social media! When a major issue affecting a security product emerges, it immediately makes the headlines, the paradox of the situation impossible to ignore.
- Author(s)
- Published at
- Updated at
How to chain SMBleed and SMBGhost to get RCE in Windows 10
Think like an attacker, act like a defender. That’s the pentesters’ mantra, if you ask me. That’s why today we’re diving into one of the most interesting tactics that malicious actors use: vulnerability chaining.
- Author(s)
- Published at
- Updated at
How to exploit the DotNetNuke Cookie Deserialization
We looked at around 300 DotNetNuke deployments in the wild and discovered that one in five installations was vulnerable to CVE-2017-9822. That includes governmental and banking websites. As part of this research, we discovered a Remote Code Execution vulnerability exploitable through DNN Cookie Deserialization in one of the U.S. Department Of Defense’s biggest websites. After having responsibly reported it through HackerOne, the DOD solved the high-severity vulnerability and disclosed the report, with all details now publicly available.
- Author(s)
- Published at
- Updated at
How to detect the Microsoft SMBGhost vulnerability with Pentest-Tools.com
For the past couple of weeks, a critical RCE vulnerability found in Microsoft Server Message Block 3.1.1 (SMBv3) has kept both the Microsoft users and the security community on their toes. To help our customers better detect if their Windows hosts were affected by the critical SMBGhost vulnerability, we developed and added a new, dedicated scanner on Pentest-Tools.com.
- Author(s)
- Published at
- Updated at
How to detect the SACK Panic vulnerability with Wireshark
The security team at Pentest-Tools.com has recently performed an in-depth analysis of the SACK Panic vulnerability (which was first disclosed in June 2019) to find out its exploitability against Linux machines. Throughout this research, we’ve identified a new method to detect vulnerable servers using Wireshark, the popular network traffic analyzer.
- Author(s)
- Published at
- Updated at
Capital One, CafePress, Suprema data breaches and their root causes
In this article, we discuss some of the most recent data breaches, what are their root causes, and how to better secure your most valuable personal information and other digital assets.
- Author(s)
- Published at
- Updated at
Analysis of recent Exim mail server vulnerabilities
For the past months, multiple critical vulnerabilities were found in Exim mail servers that could allow attackers to gain remote access and perform malicious activities: CVE-2019-16928, CVE-2019-15846, and CVE-2019-10149.
- Author(s)
- Published at
- Updated at
BlueKeep, the Microsoft RDP vulnerability - What we know so far
BlueKeep is a critical security flaw found in Microsoft Remote Desktop Services that was making the headlines for the past two months. In this article, we explore the key facts about this vulnerability.
- Author(s)
- Published at
- Updated at