Pentest-Tools.com, Security Research Engineer
Security research engineer with a passion for everything that "moves" in cybersecurity. Curious and eager to learn how stuff works while potentially breaking it in the process. I use my skills and knowledge to broaden the array of exploits we provide to our customers.
Security research engineer with a passion for everything that "moves" in cybersecurity. Curious and eager to learn how stuff works while potentially breaking it in the process. I use my skills and knowledge to broaden the array of exploits we provide to our customers.
Just a few months after the Log4Shell brutally shook our world, when things started to look calm and peaceful again, the Vulnerability Gods have unleashed upon us. Another similarly named vulnerability in a popular Java framework – Spring4Shell – came to light. Is CVE-2022-22965 as dangerous and as widespread as its (slightly) older sibling? Stick with us to find out!
Pattern recognition is what hundreds of security specialists in our community voted as the skill to cultivate for a rewarding infosec career. While we have some innate pattern recognition abilities, developing them is essential – and that’s a matter of practice. Working in offensive security gives you plenty of opportunities to do this, with new vulnerabilities ripe for close examination. So let’s go ahead and do just that while discovering how this CVE carries echoes from another vulnerability from a while back.
More high-risk vulnerabilities mean more work for you. The good news? You won’t be out of work anytime soon. The bad news? You’ll probably work a lot more than you anticipate. So how do you balance the good and the not-so-great? By having a replicable process for when a high-risk CVE that leads to RCE hits your targets (the likes of CVE-2021-21985).
