Pentest-Tools.com, Security Research Engineer
Security Researcher with a passion for cryptography, web exploitation, binary exploitation, who's always curious to discover new challenges. I am fascinated to look inside algorithms and methods which trigger vulnerabilities. I use my technical expertise to create and improve security systems.
Security Researcher with a passion for cryptography, web exploitation, binary exploitation, who's always curious to discover new challenges. I am fascinated to look inside algorithms and methods which trigger vulnerabilities. I use my technical expertise to create and improve security systems.
Your organization is a connected network of vendors, software, and people that keep your business operational. Each of these elements has various degrees of access to sensitive information which a bad actor can use as entry points in supply chain attacks.
I discovered this vulnerability for the first time in the Horizontall machine from Hack The Box, and the conditions in which it’s triggered pushed me to understand it in more detail. CVE-2021-3129 reminds me about a log poisoning vulnerability, but with a different flavor.
Thinking like an attacker is the right mindset that can help you better cope with this staggering growth of RCE vulnerabilities. As a pentester, you know it better than anyone. You’re also the best positioned to use your experience and know-how to detect exposed critical assets before malicious actors do. To help you help others, I’ll explore a critical RCE vulnerability in the Atlassian Confluence server across Linux and Windows in this practical guide packed with detection tactics and mitigation methods.
